
From nobody Sun Mar  1 07:03:02 2020
Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7456C3A03FF; Sun,  1 Mar 2020 07:03:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PanSdbOOgNEX; Sun,  1 Mar 2020 07:02:58 -0800 (PST)
Received: from mail-il1-x131.google.com (mail-il1-x131.google.com [IPv6:2607:f8b0:4864:20::131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FE783A0400; Sun,  1 Mar 2020 07:02:58 -0800 (PST)
Received: by mail-il1-x131.google.com with SMTP id r4so5709064iln.0; Sun, 01 Mar 2020 07:02:58 -0800 (PST)
X-Received: by 2002:a92:8307:: with SMTP id f7mr13005679ild.73.1583074977402;  Sun, 01 Mar 2020 07:02:57 -0800 (PST)
MIME-Version: 1.0
References: <f94653b5-5e20-3f24-fc33-f354645d21f2@nostrum.com>
In-Reply-To: <f94653b5-5e20-3f24-fc33-f354645d21f2@nostrum.com>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Sun, 1 Mar 2020 10:02:47 -0500
Message-ID: <CAGL6epKMK4tzgib4pvMdqReJCoi0yG_WdqSKX7BBtAeR3ok4MA@mail.gmail.com>
To: "A. Jean Mahoney" <mahoney@nostrum.com>
Cc: SIPCORE <sipcore@ietf.org>, "draft-ietf-sipcore-sip-token-authnz@ietf.org" <draft-ietf-sipcore-sip-token-authnz@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ae572a059fcc5deb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/2IkaJo6vUTE7RpRpvUI3MhwwmsY>
Subject: Re: [sipcore] Doc Shepherd review of draft-ietf-sipcore-sip-token-authnz-08
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Mar 2020 15:03:01 -0000

--000000000000ae572a059fcc5deb
Content-Type: text/plain; charset="UTF-8"

Hi Jean,

Thanks for the detailed review, comments, and suggestions.
Please, see my replies inline below.

Regards,
 Rifaat


On Sun, Feb 23, 2020 at 4:29 PM A. Jean Mahoney <mahoney@nostrum.com> wrote:

> Hi all,
>
> Below is my review of -08.
>
> Thanks!
>
> Jean
>
>
> Abstract -  To better define what the document covers, perhaps:
>
>     This document defines the "Bearer" authentication scheme for
>     the Session Initiation Protocol (SIP), and a mechanism by
>     which user authentication and SIP registration authorization
>     is delegated to a third party, using the OAuth 2.0 framework
>     and OpenID Connect Core 1.0.  This document updates RFC 3261
>     to provide guidance on how a SIP User Agent Client (UAC)
>     responds to a SIP 401/407 response that contains multiple
>     WWW-Authenticate/Proxy-Authenticate header fields.
>
Ok


>
> Copyright - Does the document need a disclaimer for pre-RFC5378 work?
>
Is there a specific text that I need to include that is missing from the
current draft?




>
> Section 1. Introduction
>
> The introduction should provide some text about the single-signon use
> case.
>
Agree


> I would pull the Example Flows section forward to be part of the
> Introduction.
>
Agree


>
> Section 1.2  SIP User Agent Types
>
> I think that this section should include a brief, non-normative
> discussion of how a UAC can act on an HTTPS URL - RFC8252 for Native
> Apps (user interacts with the authorization server with a browser),
> RFC8628 for browserless devices, and that there may be other ways in the
> future.
>
I am not sure this is needed here, as this is described in later sections


>
> Section 2.1  UAC Behavior
>
> Should provide more guidance on token expiration.


Agree



>
>

> Section 2.1.1  Obtaining Tokens
>
> Add references for the token types.
>
Ok


>
> Section 2.2. UAS and Registrar Behavior
>
> Should provide more guidance on token expiration.
>
Ok


>
>
> Section 3. Access Token Claims
>
> Add info about reference token (or maybe that should go in the Intro)
>
Ok


>
>
> Section 8.  Acknowledgments
>
> Yehoshua Gev should also get a nod in this section.
>
Agree.



>
>
> Nits:
>
> See the pull request for specifics.
>
> https://github.com/rifaat-ietf/draft-ietf-sipcore-sip-token-authnz/pull/5/commits/a653c1a5f1184f3eeb5ccabd101f0d6a0053a6b1
>
Thanks for these.

 Regards,
 Rifaat

--000000000000ae572a059fcc5deb--


From nobody Fri Mar  6 13:04:57 2020
Return-Path: <mahoney@nostrum.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E21D3A0A8E; Fri,  6 Mar 2020 13:04:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.403
X-Spam-Level: 
X-Spam-Status: No, score=-1.403 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, KHOP_HELO_FCRDNS=0.276, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mQOUmNgMgbRD; Fri,  6 Mar 2020 13:04:54 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 472123A0A8C; Fri,  6 Mar 2020 13:04:54 -0800 (PST)
Received: from mutabilis-2.local ([47.186.30.41]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id 026L4pm9018848 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 6 Mar 2020 15:04:52 -0600 (CST) (envelope-from mahoney@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host [47.186.30.41] claimed to be mutabilis-2.local
To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Cc: SIPCORE <sipcore@ietf.org>, "draft-ietf-sipcore-sip-token-authnz@ietf.org" <draft-ietf-sipcore-sip-token-authnz@ietf.org>
References: <f94653b5-5e20-3f24-fc33-f354645d21f2@nostrum.com> <CAGL6epKMK4tzgib4pvMdqReJCoi0yG_WdqSKX7BBtAeR3ok4MA@mail.gmail.com>
From: "A. Jean Mahoney" <mahoney@nostrum.com>
Message-ID: <77ecf352-d609-9ede-e2f5-20e8a1c46bc5@nostrum.com>
Date: Fri, 6 Mar 2020 15:04:51 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:68.0) Gecko/20100101 Thunderbird/68.5.0
MIME-Version: 1.0
In-Reply-To: <CAGL6epKMK4tzgib4pvMdqReJCoi0yG_WdqSKX7BBtAeR3ok4MA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/xxRpCTlobesJZ0TlRs-ShmDbcjg>
Subject: Re: [sipcore] Doc Shepherd review of draft-ietf-sipcore-sip-token-authnz-08
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Mar 2020 21:04:56 -0000

Hi Rifaat,

Thanks for the reply. An answer to your question below:

On 3/1/20 9:02 AM, Rifaat Shekh-Yusef wrote:
> Hi Jean,
> 
> Thanks for the detailed review, comments, and suggestions.
> Please, see my replies inline below.
> 
> Regards,
>   Rifaat
> 
> 
> On Sun, Feb 23, 2020 at 4:29 PM A. Jean Mahoney <mahoney@nostrum.com 
> <mailto:mahoney@nostrum.com>> wrote:
> 
>     Hi all,
> 
>     Below is my review of -08.
> 
>     Thanks!
> 
>     Jean
> 
> 
>     Abstract -  To better define what the document covers, perhaps:
> 
>          This document defines the "Bearer" authentication scheme for
>          the Session Initiation Protocol (SIP), and a mechanism by
>          which user authentication and SIP registration authorization
>          is delegated to a third party, using the OAuth 2.0 framework
>          and OpenID Connect Core 1.0.  This document updates RFC 3261
>          to provide guidance on how a SIP User Agent Client (UAC)
>          responds to a SIP 401/407 response that contains multiple
>          WWW-Authenticate/Proxy-Authenticate header fields.
> 
> Ok
> 
> 
>     Copyright - Does the document need a disclaimer for pre-RFC5378 work?
> 
> Is there a specific text that I need to include that is missing from the 
> current draft?

It's not necessary to include the pre-RFC5378 text in the copyright 
unless you are incorporating text from work that was created before RFC 
5378. You can change the following in the <rfc> element in the XML to 
remove it:

ipr="pre5378Trust200902"/ipr="trust200902"

Jean


> 
> 
>     Section 1. Introduction
> 
>     The introduction should provide some text about the single-signon use
>     case.
> 
> Agree
> 
>     I would pull the Example Flows section forward to be part of the
>     Introduction.
> 
> Agree
> 
> 
>     Section 1.2  SIP User Agent Types
> 
>     I think that this section should include a brief, non-normative
>     discussion of how a UAC can act on an HTTPS URL - RFC8252 for Native
>     Apps (user interacts with the authorization server with a browser),
>     RFC8628 for browserless devices, and that there may be other ways in
>     the
>     future.
> 
> I am not sure this is needed here, as this is described in later sections
> 
> 
>     Section 2.1  UAC Behavior
> 
>     Should provide more guidance on token expiration.
> 
> Agree
> 
> 
> 
>     Section 2.1.1  Obtaining Tokens
> 
>     Add references for the token types.
> 
> Ok
> 
> 
>     Section 2.2. UAS and Registrar Behavior
> 
>     Should provide more guidance on token expiration.
> 
> Ok
> 
> 
> 
>     Section 3. Access Token Claims
> 
>     Add info about reference token (or maybe that should go in the Intro)
> 
> Ok
> 
> 
> 
>     Section 8.  Acknowledgments
> 
>     Yehoshua Gev should also get a nod in this section.
> 
> Agree.
> 
> 
> 
>     Nits:
> 
>     See the pull request for specifics.
>     https://github.com/rifaat-ietf/draft-ietf-sipcore-sip-token-authnz/pull/5/commits/a653c1a5f1184f3eeb5ccabd101f0d6a0053a6b1
> 
> Thanks for these.
>   Regards,
>   Rifaat


From nobody Sat Mar  7 09:59:19 2020
Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22DF73A1725 for <sipcore@ietfa.amsl.com>; Sat,  7 Mar 2020 09:59:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.086
X-Spam-Level: 
X-Spam-Status: No, score=-2.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T1h1DEM1YhC7 for <sipcore@ietfa.amsl.com>; Sat,  7 Mar 2020 09:59:12 -0800 (PST)
Received: from mail-il1-x135.google.com (mail-il1-x135.google.com [IPv6:2607:f8b0:4864:20::135]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D42473A1724 for <sipcore@ietf.org>; Sat,  7 Mar 2020 09:59:06 -0800 (PST)
Received: by mail-il1-x135.google.com with SMTP id a14so1913972ilk.6 for <sipcore@ietf.org>; Sat, 07 Mar 2020 09:59:06 -0800 (PST)
X-Received: by 2002:a05:6e02:c72:: with SMTP id f18mr8168565ilj.36.1583603945778;  Sat, 07 Mar 2020 09:59:05 -0800 (PST)
MIME-Version: 1.0
References: <158357918194.18146.3803443161283081080@ietfa.amsl.com> <CAGL6epKiWCuaJgM5x_Qizj+H4f4NQt_pTVbAc2gcL4hp6iZfxg@mail.gmail.com> <b4c691b0-4257-1640-40fa-ce40e6d2a5c2@alum.mit.edu>
In-Reply-To: <b4c691b0-4257-1640-40fa-ce40e6d2a5c2@alum.mit.edu>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Sat, 7 Mar 2020 12:58:55 -0500
Message-ID: <CAGL6epLzRwTm04yRy_2DUdc4jb_utBoELkuEjg35vYDtNAN80g@mail.gmail.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
Cc: SIPCORE <sipcore@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a7377805a0478627"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/0s9pnVPaMo793pVcR72m1dLIhgc>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-09.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Mar 2020 17:59:18 -0000

--000000000000a7377805a0478627
Content-Type: text/plain; charset="UTF-8"

Thanks Paul,

See my replies inline below.

Regards,
 Rifaat


On Sat, Mar 7, 2020 at 10:53 AM Paul Kyzivat <pkyzivat@alum.mit.edu> wrote:

> Rifaat,
>
> Thanks for this update. It is improved.
>
> The new description of token types in section 1.3 is helpful. But then
> section 2.1.1 talks about some different token types: access tokens and
> refresh tokens. This seems to be a different dimension of token
> variation. Are these two independent dimensions?


Section 1.3 describes possible *representations* of tokens.
I will change the name of the section to Token Representation and update
the text accordingly.



> IOW, can access tokens
> be either structured or reference,

Yes



> and also refresh tokens be structured
> or reference?

No. Refresh token is only consumed by the AS, and it is usually a reference
token.



> It would be good to expand the discussion in section 1.3
> to cover all of this.
>
>
Will do.


>         Thanks,
>         Paul
>
> On 3/7/20 6:11 AM, Rifaat Shekh-Yusef wrote:
> > All,
> >
> > We have submitted a new version that we believe addresses all the
> > comments received during the shepherd review.
> > Please, take a look and let us know if you have any further comments.
> >
> > Regards,
> >   Rifaat
> >
> >
> > On Sat, Mar 7, 2020 at 6:07 AM <internet-drafts@ietf.org
> > <mailto:internet-drafts@ietf.org>> wrote:
> >
> >
> >     A New Internet-Draft is available from the on-line Internet-Drafts
> >     directories.
> >     This draft is a work item of the Session Initiation Protocol Core WG
> >     of the IETF.
> >
> >              Title           : Third-Party Token-based Authentication
> >     and Authorization for Session Initiation Protocol (SIP)
> >              Authors         : Rifaat Shekh-Yusef
> >                                Christer Holmberg
> >                                Victor Pascual
> >              Filename        : draft-ietf-sipcore-sip-token-authnz-09.txt
> >              Pages           : 14
> >              Date            : 2020-03-07
> >
> >     Abstract:
> >         This document defines the "Bearer" authentication scheme for the
> >         Session Initiation Protocol (SIP), and a mechanism by which user
> >         authentication and SIP registration authorization is delegated to a
> >         third party, using the OAuth 2.0 framework and OpenID Connect Core
> >         1.0.  This document updates RFC 3261 to provide guidance on how a SIP
> >         User Agent Client (UAC) responds to a SIP 401/407 response that
> >         contains multiple WWW-Authenticate/Proxy-Authenticate header fields.
> >
> >
> >     The IETF datatracker status page for this draft is:
> >     https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/
> >
> >     There are also htmlized versions available at:
> >     https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-09
> >     https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-09
> >     <https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-09>
> >
> >     A diff from the previous version is available at:
> >     https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-09
> >
> >
> >     Please note that it may take a couple of minutes from the time of
> >     submission
> >     until the htmlized version and diff are available at tools.ietf.org
> >     <http://tools.ietf.org>.
> >
> >     Internet-Drafts are also available by anonymous FTP at:
> >     ftp://ftp.ietf.org/internet-drafts/
> >
> >
> >     _______________________________________________
> >     sipcore mailing list
> >     sipcore@ietf.org <mailto:sipcore@ietf.org>
> >     https://www.ietf.org/mailman/listinfo/sipcore
> >

--000000000000a7377805a0478627
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">Thanks=C2=A0Paul,<div><br></div><div>See =
my replies inline below.</div><div><br></div><div>Regards,</div><div>=C2=A0=
Rifaat</div><div><br></div><div></div></div><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">On Sat, Mar 7, 2020 at 10:53 AM Paul =
Kyzivat &lt;<a href=3D"mailto:pkyzivat@alum.mit.edu">pkyzivat@alum.mit.edu<=
/a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0=
px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">R=
ifaat,<br>
<br>
Thanks for this update. It is improved.<br>
<br>
The new description of token types in section 1.3 is helpful. But then <br>
section 2.1.1 talks about some different token types: access tokens and <br=
>
refresh tokens. This seems to be a different dimension of token <br>
variation. Are these two independent dimensions?</blockquote><div>=C2=A0</d=
iv><div>Section 1.3 describes possible <b>representations </b>of tokens.<br=
></div><div><div dir=3D"ltr"><div>I will change the name of the section to =
Token Representation and update the text accordingly.<br></div></div></div>=
<div><br></div><div>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"=
margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-lef=
t:1ex">IOW, can access tokens <br>
be either structured or reference, </blockquote><div>Yes</div><div><br></di=
v><div>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0p=
x 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">and al=
so refresh tokens be structured <br>
or reference? </blockquote><div>No. Refresh token is only consumed by the A=
S, and it is usually a reference token.</div><div><br></div><div>=C2=A0</di=
v><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;borde=
r-left:1px solid rgb(204,204,204);padding-left:1ex">It would be good to exp=
and the discussion in section 1.3 <br>
to cover all of this.<br>
<br></blockquote><div>=C2=A0</div><div>Will do.<br></div><div><br></div><di=
v><br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0=
.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">=C2=A0 =C2=A0=
 =C2=A0 =C2=A0 Thanks,<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Paul<br>
<br>
On 3/7/20 6:11 AM, Rifaat Shekh-Yusef wrote:<br>
&gt; All,<br>
&gt; <br>
&gt; We have submitted a new version that we believe=C2=A0addresses all the=
 <br>
&gt; comments received during the shepherd review.<br>
&gt; Please, take a look and let us know if you have any further comments.<=
br>
&gt; <br>
&gt; Regards,<br>
&gt;=C2=A0 =C2=A0Rifaat<br>
&gt; <br>
&gt; <br>
&gt; On Sat, Mar 7, 2020 at 6:07 AM &lt;<a href=3D"mailto:internet-drafts@i=
etf.org" target=3D"_blank">internet-drafts@ietf.org</a> <br>
&gt; &lt;mailto:<a href=3D"mailto:internet-drafts@ietf.org" target=3D"_blan=
k">internet-drafts@ietf.org</a>&gt;&gt; wrote:<br>
&gt; <br>
&gt; <br>
</blockquote></div></div>

--000000000000a7377805a0478627--


From nobody Sat Mar  7 13:37:31 2020
Return-Path: <internet-drafts@ietf.org>
X-Original-To: sipcore@ietf.org
Delivered-To: sipcore@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 6619E3A1AD6; Sat,  7 Mar 2020 13:37:30 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: sipcore@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.119.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: sipcore@ietf.org
Message-ID: <158361705031.18112.120711996540216113@ietfa.amsl.com>
Date: Sat, 07 Mar 2020 13:37:30 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/l9Uj_DrF133d0yNMZitT2jN7_bU>
Subject: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-10.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Mar 2020 21:37:31 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Session Initiation Protocol Core WG of the IETF.

        Title           : Third-Party Token-based Authentication and Authorization for Session Initiation Protocol (SIP)
        Authors         : Rifaat Shekh-Yusef
                          Christer Holmberg
                          Victor Pascual
        Filename        : draft-ietf-sipcore-sip-token-authnz-10.txt
        Pages           : 14
        Date            : 2020-03-07

Abstract:
   This document defines the "Bearer" authentication scheme for the
   Session Initiation Protocol (SIP), and a mechanism by which user
   authentication and SIP registration authorization is delegated to a
   third party, using the OAuth 2.0 framework and OpenID Connect Core
   1.0.  This document updates RFC 3261 to provide guidance on how a SIP
   User Agent Client (UAC) responds to a SIP 401/407 response that
   contains multiple WWW-Authenticate/Proxy-Authenticate header fields.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-10
https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-10

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-10


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



From nobody Sat Mar  7 13:40:58 2020
Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAC433A1AE4 for <sipcore@ietfa.amsl.com>; Sat,  7 Mar 2020 13:40:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9XRIn6IH4cbN for <sipcore@ietfa.amsl.com>; Sat,  7 Mar 2020 13:40:55 -0800 (PST)
Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com [IPv6:2607:f8b0:4864:20::d36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C3603A1AE1 for <sipcore@ietf.org>; Sat,  7 Mar 2020 13:40:55 -0800 (PST)
Received: by mail-io1-xd36.google.com with SMTP id d8so5552287ion.7 for <sipcore@ietf.org>; Sat, 07 Mar 2020 13:40:55 -0800 (PST)
X-Received: by 2002:a5e:8c0d:: with SMTP id n13mr7949966ioj.138.1583617254187;  Sat, 07 Mar 2020 13:40:54 -0800 (PST)
MIME-Version: 1.0
References: <158361705031.18112.120711996540216113@ietfa.amsl.com>
In-Reply-To: <158361705031.18112.120711996540216113@ietfa.amsl.com>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Sat, 7 Mar 2020 16:40:43 -0500
Message-ID: <CAGL6ep+qk-NZcB6W1zgjH+v7pNs_DOUCu8-Srt6tZupqxELRQg@mail.gmail.com>
To: SIPCORE <sipcore@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e5660905a04a9f25"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/-9fVMsSp-3RQzgXCFYJFr1yfRaI>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-10.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Mar 2020 21:40:57 -0000

--000000000000e5660905a04a9f25
Content-Type: text/plain; charset="UTF-8"

All,

This new version addresses the latest comment from Paul regarding the token
representations.
Please, take a look and let us know if you have any further comments.

Regards,
 Rifaat


On Sat, Mar 7, 2020 at 4:37 PM <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Session Initiation Protocol Core WG of
> the IETF.
>
>         Title           : Third-Party Token-based Authentication and
> Authorization for Session Initiation Protocol (SIP)
>         Authors         : Rifaat Shekh-Yusef
>                           Christer Holmberg
>                           Victor Pascual
>         Filename        : draft-ietf-sipcore-sip-token-authnz-10.txt
>         Pages           : 14
>         Date            : 2020-03-07
>
> Abstract:
>    This document defines the "Bearer" authentication scheme for the
>    Session Initiation Protocol (SIP), and a mechanism by which user
>    authentication and SIP registration authorization is delegated to a
>    third party, using the OAuth 2.0 framework and OpenID Connect Core
>    1.0.  This document updates RFC 3261 to provide guidance on how a SIP
>    User Agent Client (UAC) responds to a SIP 401/407 response that
>    contains multiple WWW-Authenticate/Proxy-Authenticate header fields.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-10
>
> https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-10
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-10
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.ietf.org/mailman/listinfo/sipcore
>

--000000000000e5660905a04a9f25--


From nobody Sat Mar  7 16:17:41 2020
Return-Path: <internet-drafts@ietf.org>
X-Original-To: sipcore@ietf.org
Delivered-To: sipcore@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 062E13A1096; Sat,  7 Mar 2020 03:06:22 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: sipcore@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.119.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: sipcore@ietf.org
Message-ID: <158357918194.18146.3803443161283081080@ietfa.amsl.com>
Date: Sat, 07 Mar 2020 03:06:22 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/voMNt3aQyAnAEHfEJe-l0qX8f2s>
Subject: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-09.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Mar 2020 11:06:22 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Session Initiation Protocol Core WG of the IETF.

        Title           : Third-Party Token-based Authentication and Authorization for Session Initiation Protocol (SIP)
        Authors         : Rifaat Shekh-Yusef
                          Christer Holmberg
                          Victor Pascual
        Filename        : draft-ietf-sipcore-sip-token-authnz-09.txt
        Pages           : 14
        Date            : 2020-03-07

Abstract:
   This document defines the "Bearer" authentication scheme for the
   Session Initiation Protocol (SIP), and a mechanism by which user
   authentication and SIP registration authorization is delegated to a
   third party, using the OAuth 2.0 framework and OpenID Connect Core
   1.0.  This document updates RFC 3261 to provide guidance on how a SIP
   User Agent Client (UAC) responds to a SIP 401/407 response that
   contains multiple WWW-Authenticate/Proxy-Authenticate header fields.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-09
https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-09

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-09


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



From nobody Sat Mar  7 16:17:52 2020
Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 261BC3A10AB for <sipcore@ietfa.amsl.com>; Sat,  7 Mar 2020 03:11:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.197
X-Spam-Level: 
X-Spam-Status: No, score=-0.197 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fyEQbN6cYxIQ for <sipcore@ietfa.amsl.com>; Sat,  7 Mar 2020 03:11:29 -0800 (PST)
Received: from mail-il1-x12b.google.com (mail-il1-x12b.google.com [IPv6:2607:f8b0:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D25C43A10A9 for <sipcore@ietf.org>; Sat,  7 Mar 2020 03:11:28 -0800 (PST)
Received: by mail-il1-x12b.google.com with SMTP id r4so4479006iln.0 for <sipcore@ietf.org>; Sat, 07 Mar 2020 03:11:28 -0800 (PST)
X-Received: by 2002:a92:9f87:: with SMTP id z7mr7537956ilk.255.1583579486362;  Sat, 07 Mar 2020 03:11:26 -0800 (PST)
MIME-Version: 1.0
References: <158357918194.18146.3803443161283081080@ietfa.amsl.com>
In-Reply-To: <158357918194.18146.3803443161283081080@ietfa.amsl.com>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Sat, 7 Mar 2020 06:11:15 -0500
Message-ID: <CAGL6epKiWCuaJgM5x_Qizj+H4f4NQt_pTVbAc2gcL4hp6iZfxg@mail.gmail.com>
To: SIPCORE <sipcore@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c2206505a041d416"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/OsTj169Z3xTIckZ0VclZ3WjuzVI>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-09.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Mar 2020 11:11:33 -0000

--000000000000c2206505a041d416
Content-Type: text/plain; charset="UTF-8"

All,

We have submitted a new version that we believe addresses all the comments
received during the shepherd review.
Please, take a look and let us know if you have any further comments.

Regards,
 Rifaat


On Sat, Mar 7, 2020 at 6:07 AM <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Session Initiation Protocol Core WG of
> the IETF.
>
>         Title           : Third-Party Token-based Authentication and
> Authorization for Session Initiation Protocol (SIP)
>         Authors         : Rifaat Shekh-Yusef
>                           Christer Holmberg
>                           Victor Pascual
>         Filename        : draft-ietf-sipcore-sip-token-authnz-09.txt
>         Pages           : 14
>         Date            : 2020-03-07
>
> Abstract:
>    This document defines the "Bearer" authentication scheme for the
>    Session Initiation Protocol (SIP), and a mechanism by which user
>    authentication and SIP registration authorization is delegated to a
>    third party, using the OAuth 2.0 framework and OpenID Connect Core
>    1.0.  This document updates RFC 3261 to provide guidance on how a SIP
>    User Agent Client (UAC) responds to a SIP 401/407 response that
>    contains multiple WWW-Authenticate/Proxy-Authenticate header fields.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-09
>
> https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-09
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-09
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.ietf.org/mailman/listinfo/sipcore
>

--000000000000c2206505a041d416--


From nobody Sat Mar  7 16:21:09 2020
To: sipcore@ietf.org
References: <158357918194.18146.3803443161283081080@ietfa.amsl.com> <CAGL6epKiWCuaJgM5x_Qizj+H4f4NQt_pTVbAc2gcL4hp6iZfxg@mail.gmail.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <b4c691b0-4257-1640-40fa-ce40e6d2a5c2@alum.mit.edu>
Date: Sat, 7 Mar 2020 10:53:31 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.5.0
MIME-Version: 1.0
In-Reply-To: <CAGL6epKiWCuaJgM5x_Qizj+H4f4NQt_pTVbAc2gcL4hp6iZfxg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/OaCUTMOlRqydtdQYMUlIkkN8kew>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-09.txt

Rifaat,

Thanks for this update. It is improved.

The new description of token types in section 1.3 is helpful. But then 
section 2.1.1 talks about some different token types: access tokens and 
refresh tokens. This seems to be a different dimension of token 
variation. Are these two independent dimensions? IOW, can access tokens 
be either structured or reference, and also refresh tokens be structured 
or reference? It would be good to expand the discussion in section 1.3 
to cover all of this.

	Thanks,
	Paul

On 3/7/20 6:11 AM, Rifaat Shekh-Yusef wrote:
> All,
> 
> We have submitted a new version that we believe addresses all the 
> comments received during the shepherd review.
> Please, take a look and let us know if you have any further comments.
> 
> Regards,
>   Rifaat
> 
> 
> On Sat, Mar 7, 2020 at 6:07 AM <internet-drafts@ietf.org 
> <mailto:internet-drafts@ietf.org>> wrote:
> 
> 
>     A New Internet-Draft is available from the on-line Internet-Drafts
>     directories.
>     This draft is a work item of the Session Initiation Protocol Core WG
>     of the IETF.
> 
>              Title           : Third-Party Token-based Authentication
>     and Authorization for Session Initiation Protocol (SIP)
>              Authors         : Rifaat Shekh-Yusef
>                                Christer Holmberg
>                                Victor Pascual
>              Filename        : draft-ietf-sipcore-sip-token-authnz-09.txt
>              Pages           : 14
>              Date            : 2020-03-07
> 
>     Abstract:
>         This document defines the "Bearer" authentication scheme for the
>         Session Initiation Protocol (SIP), and a mechanism by which user
>         authentication and SIP registration authorization is delegated to a
>         third party, using the OAuth 2.0 framework and OpenID Connect Core
>         1.0.  This document updates RFC 3261 to provide guidance on how a
>         SIP User Agent Client (UAC) responds to a SIP 401/407 response that
>         contains multiple WWW-Authenticate/Proxy-Authenticate header fields.
> 
> 
>     The IETF datatracker status page for this draft is:
>     https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/
> 
>     There are also htmlized versions available at:
>     https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-09
>     https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-09
> 
>     A diff from the previous version is available at:
>     https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-09
> 
> 
>     Please note that it may take a couple of minutes from the time of
>     submission
>     until the htmlized version and diff are available at tools.ietf.org
>     <http://tools.ietf.org>.
> 
>     Internet-Drafts are also available by anonymous FTP at:
>     ftp://ftp.ietf.org/internet-drafts/
> 
> 
> 


From nobody Sat Mar  7 18:48:16 2020
To: sipcore@ietf.org
References: <158361705031.18112.120711996540216113@ietfa.amsl.com> <CAGL6ep+qk-NZcB6W1zgjH+v7pNs_DOUCu8-Srt6tZupqxELRQg@mail.gmail.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <f983026c-0d78-fd90-d990-75782cffcdd0@alum.mit.edu>
Date: Sat, 7 Mar 2020 21:48:07 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.5.0
MIME-Version: 1.0
In-Reply-To: <CAGL6ep+qk-NZcB6W1zgjH+v7pNs_DOUCu8-Srt6tZupqxELRQg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/yW2eK2d1nksBAexK2QinxLzw_0k>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-10.txt

Rifaat,

On 3/7/20 4:40 PM, Rifaat Shekh-Yusef wrote:
> All,
> 
> This new version addresses the latest comment from Paul regarding the 
> token representations.
> Please, take a look and let us know if you have any further comments.

This helps. I still find the various uses of "token" confusing in a way
I suspect is unnecessary. Part of this may be a matter of OAUTH having
much more machinery than we ought to need to understand for this draft.
It would be nice if this draft were understandable without knowing about
irrelevant parts of OAUTH.

I think I now understand that for the most part this document is only 
concerned with access tokens, and that it generally doesn't matter 
whether they are structured or reference. There seem to be some limited 
sections where you need to talk about refresh tokens as being needed to 
refresh a stale access token. And similarly there is a limited need to 
distinguish between structured and reference tokens when discussing 
security considerations. (In this last update you also added a reference 
to ID tokens. IIUC we shouldn't need to know about them at all.)

I appreciate that you are deeply familiar with the details of OAUTH to
the extent that you can't appreciate how confusing this can be to those
of us who aren't. Hence this becomes frustrating for both of us.

I think it would be good to hear what others have to say before deciding 
what (if any) other changes should be made.

	Thanks,
	Paul

> Regards,
>   Rifaat
> 
> 
> On Sat, Mar 7, 2020 at 4:37 PM <internet-drafts@ietf.org 
> <mailto:internet-drafts@ietf.org>> wrote:
> 
> 
>     A New Internet-Draft is available from the on-line Internet-Drafts
>     directories.
>     This draft is a work item of the Session Initiation Protocol Core WG
>     of the IETF.
> 
>              Title           : Third-Party Token-based Authentication
>     and Authorization for Session Initiation Protocol (SIP)
>              Authors         : Rifaat Shekh-Yusef
>                                Christer Holmberg
>                                Victor Pascual
>              Filename        : draft-ietf-sipcore-sip-token-authnz-10.txt
>              Pages           : 14
>              Date            : 2020-03-07
> 
>     Abstract:
>         This document defines the "Bearer" authentication scheme for the
>         Session Initiation Protocol (SIP), and a mechanism by which user
>         authentication and SIP registration authorization is delegated to a
>         third party, using the OAuth 2.0 framework and OpenID Connect Core
>         1.0.  This document updates RFC 3261 to provide guidance on how a
>         SIP User Agent Client (UAC) responds to a SIP 401/407 response that
>         contains multiple WWW-Authenticate/Proxy-Authenticate header fields.
> 
> 
>     The IETF datatracker status page for this draft is:
>     https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/
> 
>     There are also htmlized versions available at:
>     https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-10
>     https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-10
> 
>     A diff from the previous version is available at:
>     https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-10
> 
> 
>     Please note that it may take a couple of minutes from the time of
>     submission
>     until the htmlized version and diff are available at tools.ietf.org
>     <http://tools.ietf.org>.
> 
>     Internet-Drafts are also available by anonymous FTP at:
>     ftp://ftp.ietf.org/internet-drafts/
> 
> 
> 


From nobody Sun Mar  8 04:51:27 2020
MIME-Version: 1.0
References: <158361705031.18112.120711996540216113@ietfa.amsl.com> <CAGL6ep+qk-NZcB6W1zgjH+v7pNs_DOUCu8-Srt6tZupqxELRQg@mail.gmail.com> <f983026c-0d78-fd90-d990-75782cffcdd0@alum.mit.edu>
In-Reply-To: <f983026c-0d78-fd90-d990-75782cffcdd0@alum.mit.edu>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Sun, 8 Mar 2020 07:51:11 -0400
Message-ID: <CAGL6epKzgNDR1iSk4kA+27i4VksXna3pnYVJB7Yj5EjB5uodiQ@mail.gmail.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
Cc: SIPCORE <sipcore@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000695d0905a05681fd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/VdeLoFdg8BshYsI0E7mPSRpsI40>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-10.txt

--000000000000695d0905a05681fd
Content-Type: text/plain; charset="UTF-8"

Hi Paul,

I completely understand, and I would be happy to try to make it clearer.
I believe your reviews and questions made this document a much better
document than it was initially, and I would be happy to continue to do that
if needed.
The goal is to publish a document that would be useful to the wider
community as much as possible.

I will try to go over the document again, and see if I can make it clearer.

I agree that it would be great if we can get more people to review the
document and provide feedback.

Regards,
 Rifaat



--000000000000695d0905a05681fd--


From nobody Fri Mar 13 09:08:11 2020
Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04D1E3A0A10 for <sipcore@ietfa.amsl.com>; Fri, 13 Mar 2020 09:08:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IQ44BRynUbrC for <sipcore@ietfa.amsl.com>; Fri, 13 Mar 2020 09:08:07 -0700 (PDT)
Received: from mail-il1-x12d.google.com (mail-il1-x12d.google.com [IPv6:2607:f8b0:4864:20::12d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A8CC3A07AA for <sipcore@ietf.org>; Fri, 13 Mar 2020 09:08:07 -0700 (PDT)
Received: by mail-il1-x12d.google.com with SMTP id c8so9459819ilm.1 for <sipcore@ietf.org>; Fri, 13 Mar 2020 09:08:07 -0700 (PDT)
X-Received: by 2002:a92:5d8f:: with SMTP id e15mr14994675ilg.255.1584115686403;  Fri, 13 Mar 2020 09:08:06 -0700 (PDT)
MIME-Version: 1.0
References: <158361705031.18112.120711996540216113@ietfa.amsl.com> <CAGL6ep+qk-NZcB6W1zgjH+v7pNs_DOUCu8-Srt6tZupqxELRQg@mail.gmail.com> <f983026c-0d78-fd90-d990-75782cffcdd0@alum.mit.edu>
In-Reply-To: <f983026c-0d78-fd90-d990-75782cffcdd0@alum.mit.edu>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Fri, 13 Mar 2020 12:07:55 -0400
Message-ID: <CAGL6epL4o23xiti=9Z9ap2pORBTHTk4knp=kV1tJsyDojANewA@mail.gmail.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
Cc: SIPCORE <sipcore@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c5795205a0beacfc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/P5CxiVj-VbJ2GBvG5FnfNehIuAs>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-10.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Mar 2020 16:08:09 -0000

--000000000000c5795205a0beacfc
Content-Type: text/plain; charset="UTF-8"

Paul,

I went through the document again, and to me it seems clear what we meant
when we mention a token, but I probably am way too close to see the issues that
you might be seeing.
Do you have some specific issue that you think we could try to clarify?

Regards,
 Rifaat


On Sat, Mar 7, 2020 at 9:48 PM Paul Kyzivat <pkyzivat@alum.mit.edu> wrote:

> Rifaat,
>
> On 3/7/20 4:40 PM, Rifaat Shekh-Yusef wrote:
> > All,
> >
> > This new version addresses the latest comment from Paul regarding the
> > token representations.
> > Please, take a look and let us know if you have any further comments.
>
> This helps. I still find the various uses of "token" confusing in a way
> I suspect is unnecessary. Part of this may be a matter of OAUTH having
> much more machinery than we ought to need to understand for this draft.
> It would be nice if this draft were understandable without knowing about
> irrelevant parts of OAUTH.
>
> I think I now understand that for the most part this document is only
> concerned with access tokens, and that it generally doesn't matter
> whether they are structured or reference. There seem to be some limited
> sections where you need to talk about refresh tokens as being needed to
> refresh a stale access token. And similarly there is a limited need to
> distinguish between structured and reference tokens when discussing
> security considerations. (In this last update you also added a reference
> to ID tokens. IIUC we shouldn't need to know about them at all.)
>
> I appreciate that you are deeply familiar with the details of OAUTH to
> the extent that you can't appreciate how confusing this can be to those
> of us who aren't. Hence this becomes frustrating for both of us.
>
> I think it would be good to hear what others have to say before deciding
> what (if any) other changes should be made.
>
>         Thanks,
>         Paul
>
> > Regards,
> >   Rifaat
> >
> >
> > On Sat, Mar 7, 2020 at 4:37 PM <internet-drafts@ietf.org
> > <mailto:internet-drafts@ietf.org>> wrote:
> >
> >
> >     A New Internet-Draft is available from the on-line Internet-Drafts
> >     directories.
> >     This draft is a work item of the Session Initiation Protocol Core WG
> >     of the IETF.
> >
> >              Title           : Third-Party Token-based Authentication
> >     and Authorization for Session Initiation Protocol (SIP)
> >              Authors         : Rifaat Shekh-Yusef
> >                                Christer Holmberg
> >                                Victor Pascual
> >              Filename        : draft-ietf-sipcore-sip-token-authnz-10.txt
> >              Pages           : 14
> >              Date            : 2020-03-07
> >
> >     Abstract:
> >         This document defines the "Bearer" authentication scheme for the
> >         Session Initiation Protocol (SIP), and a mechanism by which user
> >         authentication and SIP registration authorization is delegated to a
> >         third party, using the OAuth 2.0 framework and OpenID Connect Core
> >         1.0.  This document updates RFC 3261 to provide guidance on how a SIP
> >         User Agent Client (UAC) responds to a SIP 401/407 response that
> >         contains multiple WWW-Authenticate/Proxy-Authenticate header fields.
> >
> >
> >     The IETF datatracker status page for this draft is:
> >     https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/
> >
> >     There are also htmlized versions available at:
> >     https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-10
> >     https://datatracker.ietf.
> .org/doc/html/draft-ietf-sipcore-sip-token-authnz-10
> >     <
> https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-10
> >
> >
> >     A diff from the previous version is available at:
> >     https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-10
> >
> >
> >     Please note that it may take a couple of minutes from the time of
> >     submission
> >     until the htmlized version and diff are available at tools.ietf.org
> >     <http://tools.ietf.org>.
> >
> >     Internet-Drafts are also available by anonymous FTP at:
> >     ftp://ftp.ietf.org/internet-drafts/
> >
> >
> >     _______________________________________________
> >     sipcore mailing list
> >     sipcore@ietf.org <mailto:sipcore@ietf.org>
> >     https://www.ietf.org/mailman/listinfo/sipcore
> >
> >
> > _______________________________________________
> > sipcore mailing list
> > sipcore@ietf.org
> > https://www.ietf.org/mailman/listinfo/sipcore
> >
>
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.ietf.org/mailman/listinfo/sipcore
>

--000000000000c5795205a0beacfc--


From nobody Mon Mar 16 12:28:40 2020
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E9753A0F2E for <sipcore@ietfa.amsl.com>; Mon, 16 Mar 2020 12:28:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5VMuIFS2pKqP for <sipcore@ietfa.amsl.com>; Mon, 16 Mar 2020 12:28:33 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10063.outbound.protection.outlook.com [40.107.1.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7C7B3A0F80 for <sipcore@ietf.org>; Mon, 16 Mar 2020 12:28:31 -0700 (PDT)
Received: from AM0PR07MB3987.eurprd07.prod.outlook.com (52.134.82.159) by AM0PR07MB4465.eurprd07.prod.outlook.com (52.135.151.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.14; Mon, 16 Mar 2020 19:28:28 +0000
Received: from AM0PR07MB3987.eurprd07.prod.outlook.com ([fe80::57b:b81e:33ec:5512]) by AM0PR07MB3987.eurprd07.prod.outlook.com ([fe80::57b:b81e:33ec:5512%7]) with mapi id 15.20.2835.012; Mon, 16 Mar 2020 19:28:28 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>, Paul Kyzivat <pkyzivat@alum.mit.edu>
CC: SIPCORE <sipcore@ietf.org>
Thread-Topic: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-10.txt
Thread-Index: AQHV9Mil8bEoekvAOky0WAsxxpkbVKg9qImAgABV44CACLsfgIAFEIsA
Date: Mon, 16 Mar 2020 19:28:28 +0000
Message-ID: <E4991A14-2F54-4A29-B3AD-C7CC61997170@ericsson.com>
References: <158361705031.18112.120711996540216113@ietfa.amsl.com> <CAGL6ep+qk-NZcB6W1zgjH+v7pNs_DOUCu8-Srt6tZupqxELRQg@mail.gmail.com> <f983026c-0d78-fd90-d990-75782cffcdd0@alum.mit.edu> <CAGL6epL4o23xiti=9Z9ap2pORBTHTk4knp=kV1tJsyDojANewA@mail.gmail.com>
In-Reply-To: <CAGL6epL4o23xiti=9Z9ap2pORBTHTk4knp=kV1tJsyDojANewA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.1e.0.191013
authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com; 
x-originating-ip: [188.127.223.154]
x-ms-publictraffictype: Email
Content-Type: multipart/alternative; boundary="_000_E4991A142F544A29B3ADC7CC61997170ericssoncom_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/14cM6btYKlZx8kIqGYQhrfesJWE>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-10.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Mar 2020 19:28:38 -0000

--_000_E4991A142F544A29B3ADC7CC61997170ericssoncom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
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--_000_E4991A142F544A29B3ADC7CC61997170ericssoncom_
Content-Type: text/html; charset="utf-8"
Content-ID: <16FD0639A01A7E46BE46DA759E83CD34@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64


--_000_E4991A142F544A29B3ADC7CC61997170ericssoncom_--


From nobody Thu Mar 19 14:59:44 2020
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 774053A10A3; Thu, 19 Mar 2020 14:59:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nCD5fXATVpLK; Thu, 19 Mar 2020 14:59:30 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E82B3A10A4; Thu, 19 Mar 2020 14:59:24 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id AA600F4071C; Thu, 19 Mar 2020 14:59:19 -0700 (PDT)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
X-PHP-Originating-Script: 1005:ams_util_lib.php
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, drafts-update-ref@iana.org, sipcore@ietf.org
Content-type: text/plain; charset=UTF-8
Message-Id: <20200319215919.AA600F4071C@rfc-editor.org>
Date: Thu, 19 Mar 2020 14:59:19 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/n-ir4-9i3d9w_jCLKbPVKkymiAA>
Subject: [sipcore] =?utf-8?q?RFC_8760_on_The_Session_Initiation_Protocol_?= =?utf-8?q?=28SIP=29_Digest_Access_Authentication_Scheme?=
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2020 21:59:37 -0000

A new Request for Comments is now available in online RFC libraries.

        
        RFC 8760

        Title:      The Session Initiation Protocol (SIP) 
                    Digest Access Authentication Scheme 
        Author:     R. Shekh-Yusef
        Status:     Standards Track
        Stream:     IETF
        Date:       March 2020
        Mailbox:    rifaat.ietf@gmail.com
        Pages:      9
        Updates:    RFC 3261

        I-D Tag:    draft-ietf-sipcore-digest-scheme-15.txt

        URL:        https://www.rfc-editor.org/info/rfc8760

        DOI:        10.17487/RFC8760

This document updates RFC 3261 by modifying the Digest Access
Authentication scheme used by the Session Initiation Protocol (SIP)
to add support for more secure digest algorithms, e.g., SHA-256 and
SHA-512/256, to replace the obsolete MD5 algorithm.

This document is a product of the Session Initiation Protocol Core Working Group of the IETF.

This is now a Proposed Standard.

STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Official
Internet Protocol Standards (https://www.rfc-editor.org/standards) for the 
standardization state and status of this protocol.  Distribution of this 
memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  https://www.ietf.org/mailman/listinfo/ietf-announce
  https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC



From nobody Sun Mar 22 10:49:33 2020
Return-Path: <mahoney@nostrum.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14F0B3A094B for <sipcore@ietfa.amsl.com>; Sun, 22 Mar 2020 10:49:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.405
X-Spam-Level: 
X-Spam-Status: No, score=-1.405 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, KHOP_HELO_FCRDNS=0.274, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Awn85h8OPUat for <sipcore@ietfa.amsl.com>; Sun, 22 Mar 2020 10:49:29 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D15C3A04BB for <sipcore@ietf.org>; Sun, 22 Mar 2020 10:49:29 -0700 (PDT)
Received: from mutabilis-2.local ([47.186.30.41]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id 02MHnMsB023887 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Sun, 22 Mar 2020 12:49:23 -0500 (CDT) (envelope-from mahoney@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1584899364; bh=QyuP/DxNvMe5U9pNSEP7Dc52+FoSb5QbfTr2GMKMSlg=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=H9bOk1UcwI7unrBrWgtJ4rttrkeFgt6GzdGBU//JmopQMLqXD4pUHcTUMiVtASSlJ rCqFt5Kot6ceY34SqNpSQCccMaL4vBN3UT5xF7/IYpm/hZFT42p1wpwRdscjnMfCgu Owk42KDoi4xCwIDq5g13IZ2Wl9aPm9PY352dCROI=
X-Authentication-Warning: raven.nostrum.com: Host [47.186.30.41] claimed to be mutabilis-2.local
To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>, Paul Kyzivat <pkyzivat@alum.mit.edu>
Cc: SIPCORE <sipcore@ietf.org>
References: <158361705031.18112.120711996540216113@ietfa.amsl.com> <CAGL6ep+qk-NZcB6W1zgjH+v7pNs_DOUCu8-Srt6tZupqxELRQg@mail.gmail.com> <f983026c-0d78-fd90-d990-75782cffcdd0@alum.mit.edu> <CAGL6epL4o23xiti=9Z9ap2pORBTHTk4knp=kV1tJsyDojANewA@mail.gmail.com>
From: "A. Jean Mahoney" <mahoney@nostrum.com>
Message-ID: <f6381ebf-cf08-ba9d-8ff4-55cf644d95c2@nostrum.com>
Date: Sun, 22 Mar 2020 12:49:22 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:68.0) Gecko/20100101 Thunderbird/68.6.0
MIME-Version: 1.0
In-Reply-To: <CAGL6epL4o23xiti=9Z9ap2pORBTHTk4knp=kV1tJsyDojANewA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/Da3QUOwVzObxuVD5j2mFgxnc0WE>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-10.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Mar 2020 17:49:32 -0000

Hi all,

Would the following text help?

Current:

1.3.  Token Formats

    Tokens can be represented in two different formats:

    *  Structured Token: a token that consists of a structured object
       that contains the claims associated with the token, e.g.  JWT as
       defined in [RFC7519].

    *  Reference Token: a token that consists of a random string that is
       used to obtain the details of the token and its associated claims,
       as defined in [RFC6749].

    Access Tokens could be represnetd in one of the above two formats.
    Refresh Tokens usualy are represented in a reference format, as this
    token is consumed only the AS that issued the token.  ID Token is
    defined as a structured token in the form of a JWT.


Proposed:

1.3 Token Types and Formats

    The tokens used in third-party authorization depend on the type of
    authorization server (AS).

    An OAuth authorization server provides the following tokens to
    a successfully authorized UAC:

    *  Access token: the UAC will use this token to gain access
       to services by providing the token to a SIP server.

    *  Refresh token: the UAC will present this token to the AS
       to refresh a stale access token.

    An OpenID Connect server returns an additional token:

    *  ID Token: this token contains the SIP URI and other
       user-specific details that will be consumed by the UAC.

    Tokens can be represented in two different formats:

    *  Structured token: a token that consists of a structured object
       that contains the claims associated with the token, e.g.,
       JSON Web Token (JWT) defined in [RFC7519].

    *  Reference token: a token that consists of a random string that is
       used to obtain the details of the token and its associated claims,
       as defined in [RFC6749].

    Access tokens can be represented in one of the above two formats.
    Refresh tokens usually are represented in a reference format, as this
    token is consumed only the AS that issued the token.  The ID Token is
    defined as a structured token in the form of a JWT.


Thanks,

Jean


On 3/13/20 11:07 AM, Rifaat Shekh-Yusef wrote:
> Paul,
> 
> I went through the document again, and to me it seems clear what we 
> meant we mention a token, but I probably am way too close to see the 
> issues that you might be seeing.
> Do you have some specific issue that you think we could try to clarify?
> 
> Regards,
>   Rifaat
> 
> 
> On Sat, Mar 7, 2020 at 9:48 PM Paul Kyzivat <pkyzivat@alum.mit.edu 
> <mailto:pkyzivat@alum.mit.edu>> wrote:
> 
>     Rifaat,
> 
>     On 3/7/20 4:40 PM, Rifaat Shekh-Yusef wrote:
>      > All,
>      >
>      > This new version addresses the latest comment from Paul regarding
>     the
>      > token representations.
>      > Please, take a look and let us know if you have any further comments.
> 
>     This helps. I still find the various uses of "token" confusing in a way
>     I suspect is unnecessary. Part of this may be a matter of OAUTH having
>     much more machinery that we ought to need to understand for this draft.
>     It would be nice if this draft were understandable without knowing
>     about
>        irrelevant parts of OAUTH.
> 
>     I think I now understand that for the most part this document is only
>     concerned with access tokens, and that it generally doesn't matter
>     whether they are structured or reference. There seem to be some limited
>     sections where you need to talk about refresh tokens as being needed to
>     refresh a stale access token. And similarly there is a limited need to
>     distinguish between structured and reference tokens when discussing
>     security considerations. (In this last update you also added a
>     reference
>     to ID tokens. IIUC we shouldn't need to know about them at all.)
> 
>     I appreciate that you are deeply familiar with the details of OAUTH to
>     the extent that you can't appreciate how confusing this can be to those
>     of us who aren't. hence this becomes frustrating for both of us.
> 
>     I think it would be good to hear what others have to say before
>     deciding
>     what (if any) other changes should be made.
> 
>              Thanks,
>              Paul
> 
>      > Regards,
>      >   Rifaat
>      >
>      >
>      > On Sat, Mar 7, 2020 at 4:37 PM <internet-drafts@ietf.org
>     <mailto:internet-drafts@ietf.org>
>      > <mailto:internet-drafts@ietf.org
>     <mailto:internet-drafts@ietf.org>>> wrote:
>      >
>      >
>      >     A New Internet-Draft is available from the on-line
>     Internet-Drafts
>      >     directories.
>      >     This draft is a work item of the Session Initiation Protocol
>     Core WG
>      >     of the IETF.
>      >
>      >              Title           : Third-Party Token-based Authentication
>      >     and Authorization for Session Initiation Protocol (SIP)
>      >              Authors         : Rifaat Shekh-Yusef
>      >                                Christer Holmberg
>      >                                Victor Pascual
>      >              Filename        :
>     draft-ietf-sipcore-sip-token-authnz-10.txt
>      >              Pages           : 14
>      >              Date            : 2020-03-07
>      >
>      >     Abstract:
>      >         This document defines the "Bearer" authentication scheme
>     for the
>      >         Session Initiation Protocol (SIP), and a mechanism by
>     which user
>      >         authentication and SIP registration authorization is
>     delegated to a
>      >         third party, using the OAuth 2.0 framework and OpenID
>     Connect Core
>      >         1.0.  This document updates RFC 3261 to provide guidance
>     on how
>      >     a SIP
>      >         User Agent Client (UAC) responds to a SIP 401/407
>     response that
>      >         contains multiple WWW-Authenticate/Proxy-Authenticate
>     header fields.
>      >
>      >
>      >     The IETF datatracker status page for this draft is:
>      > https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/
>      >
>      >     There are also htmlized versions available at:
>      > https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-10
>      >
>     https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-10
>      >   
>       <https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-10>
>      >
>      >     A diff from the previous version is available at:
>      >
>     https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-10
>      >
>      >
>      >     Please note that it may take a couple of minutes from the time of
>      >     submission
>      >     until the htmlized version and diff are available at
>     tools.ietf.org <http://tools.ietf.org>
>      >     <http://tools.ietf.org>.
>      >
>      >     Internet-Drafts are also available by anonymous FTP at:
>      > ftp://ftp.ietf.org/internet-drafts/
>      >
>      >
>      >     _______________________________________________
>      >     sipcore mailing list
>      > sipcore@ietf.org <mailto:sipcore@ietf.org>
>     <mailto:sipcore@ietf.org <mailto:sipcore@ietf.org>>
>      > https://www.ietf.org/mailman/listinfo/sipcore
>      >
>      >
> 


From nobody Sun Mar 22 12:58:29 2020
Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE77F3A0894 for <sipcore@ietfa.amsl.com>; Sun, 22 Mar 2020 12:58:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a6WC_LeAcWP0 for <sipcore@ietfa.amsl.com>; Sun, 22 Mar 2020 12:58:21 -0700 (PDT)
Received: from mail-il1-x12b.google.com (mail-il1-x12b.google.com [IPv6:2607:f8b0:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D32E03A0896 for <sipcore@ietf.org>; Sun, 22 Mar 2020 12:58:13 -0700 (PDT)
Received: by mail-il1-x12b.google.com with SMTP id t11so1290297ils.1 for <sipcore@ietf.org>; Sun, 22 Mar 2020 12:58:13 -0700 (PDT)
X-Received: by 2002:a92:5f98:: with SMTP id i24mr18343739ill.73.1584907093035;  Sun, 22 Mar 2020 12:58:13 -0700 (PDT)
MIME-Version: 1.0
References: <158361705031.18112.120711996540216113@ietfa.amsl.com> <CAGL6ep+qk-NZcB6W1zgjH+v7pNs_DOUCu8-Srt6tZupqxELRQg@mail.gmail.com> <f983026c-0d78-fd90-d990-75782cffcdd0@alum.mit.edu> <CAGL6epL4o23xiti=9Z9ap2pORBTHTk4knp=kV1tJsyDojANewA@mail.gmail.com> <f6381ebf-cf08-ba9d-8ff4-55cf644d95c2@nostrum.com>
In-Reply-To: <f6381ebf-cf08-ba9d-8ff4-55cf644d95c2@nostrum.com>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Sun, 22 Mar 2020 15:58:01 -0400
Message-ID: <CAGL6epJKWT8BSCsaDq6a-zJCPabX6vXTN-wCNR-Rz8uy3tx_8Q@mail.gmail.com>
To: "A. Jean Mahoney" <mahoney@nostrum.com>
Cc: Paul Kyzivat <pkyzivat@alum.mit.edu>, SIPCORE <sipcore@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000048500605a176f051"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/0xgh33LYsbNBHXQoeVDzXYH9dvU>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-10.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Mar 2020 19:58:25 -0000

--00000000000048500605a176f051
Content-Type: text/plain; charset="UTF-8"

Thanks Jean!

This looks good to me.


*Paul,*

Does this help address your issue with the current text in the document?

Regards,
 Rifaat



On Sun, Mar 22, 2020 at 1:49 PM A. Jean Mahoney <mahoney@nostrum.com> wrote:

> Hi all,
>
> Would the following text help?
>
> Current:
>
> 1.3.  Token Formats
>
>     Tokens can be represented in two different formats:
>
>     *  Structured Token: a token that consists of a structured object
>        that contains the claims associated with the token, e.g.  JWT as
>        defined in [RFC7519].
>
>     *  Reference Token: a token that consists of a random string that is
>        used to obtain the details of the token and its associated claims,
>        as defined in [RFC6749].
>
>     Access Tokens could be represnetd in one of the above two formats.
>     Refresh Tokens usualy are represented in a reference format, as this
>     token is consumed only the AS that issued the token.  ID Token is
>     defined as a structured token in the form of a JWT.
>
>
> Proposed:
>
> 1.3 Token Types and Formats
>
>     The tokens used in third-party authorization depend on the type of
>     authorization server (AS).
>
>     An OAuth authorization server provides the following tokens to
>     a successfully authorized UAC:
>
>     *  Access token: the UAC will use this token to gain access
>        to services by providing the token to a SIP server.
>
>     *  Refresh token: the UAC will present this token to the AS
>        to refresh a stale access token.
>
>     An OpenID Connect server returns an additional token:
>
>     *  ID Token: this token contains the SIP URI and other
>        user-specific details that will be consumed by the UAC.
>
>     Tokens can be represented in two different formats:
>
>     *  Structured token: a token that consists of a structured object
>        that contains the claims associated with the token, e.g.,
>        JSON Web Token (JWT) defined in [RFC7519].
>
>     *  Reference token: a token that consists of a random string that is
>        used to obtain the details of the token and its associated claims,
>        as defined in [RFC6749].
>
>     Access tokens can be represented in one of the above two formats.
>     Refresh tokens usually are represented in a reference format, as this
>     token is consumed only the AS that issued the token.  The ID Token is
>     defined as a structured token in the form of a JWT.
>
>
> Thanks,
>
> Jean
>
>
> On 3/13/20 11:07 AM, Rifaat Shekh-Yusef wrote:
> > Paul,
> >
> > I went through the document again, and to me it seems clear what we
> > meant when we mention a token, but I probably am way too close to see the
> > issues that you might be seeing.
> > Do you have some specific issue that you think we could try to clarify?
> >
> > Regards,
> >   Rifaat
> >
> >
> > On Sat, Mar 7, 2020 at 9:48 PM Paul Kyzivat <pkyzivat@alum.mit.edu> wrote:
> >
> >     Rifaat,
> >
> >     On 3/7/20 4:40 PM, Rifaat Shekh-Yusef wrote:
> >      > All,
> >      >
> >      > This new version addresses the latest comment from Paul regarding
> >      > the token representations.
> >      > Please, take a look and let us know if you have any further
> >      > comments.
> >
> >     This helps. I still find the various uses of "token" confusing in a
> >     way I suspect is unnecessary. Part of this may be a matter of OAUTH
> >     having much more machinery than we ought to need to understand for
> >     this draft. It would be nice if this draft were understandable
> >     without knowing about irrelevant parts of OAUTH.
> >
> >     I think I now understand that for the most part this document is only
> >     concerned with access tokens, and that it generally doesn't matter
> >     whether they are structured or reference. There seem to be some
> >     limited sections where you need to talk about refresh tokens as being
> >     needed to refresh a stale access token. And similarly there is a
> >     limited need to distinguish between structured and reference tokens
> >     when discussing security considerations. (In this last update you
> >     also added a reference to ID tokens. IIUC we shouldn't need to know
> >     about them at all.)
> >
> >     I appreciate that you are deeply familiar with the details of OAUTH
> >     to the extent that you can't appreciate how confusing this can be to
> >     those of us who aren't. Hence this becomes frustrating for both of us.
> >
> >     I think it would be good to hear what others have to say before
> >     deciding what (if any) other changes should be made.
> >
> >              Thanks,
> >              Paul
> >
> >      > Regards,
> >      >   Rifaat
> >      >
> >      >
> >      > On Sat, Mar 7, 2020 at 4:37 PM <internet-drafts@ietf.org> wrote:
> >      >
> >      >
> >      >     A New Internet-Draft is available from the on-line
> >      >     Internet-Drafts directories.
> >      >     This draft is a work item of the Session Initiation Protocol
> >      >     Core WG of the IETF.
> >      >
> >      >              Title           : Third-Party Token-based Authentication
> >      >                                and Authorization for Session Initiation Protocol (SIP)
> >      >              Authors         : Rifaat Shekh-Yusef
> >      >                                Christer Holmberg
> >      >                                Victor Pascual
> >      >              Filename        : draft-ietf-sipcore-sip-token-authnz-10.txt
> >      >              Pages           : 14
> >      >              Date            : 2020-03-07
> >      >
> >      >     Abstract:
> >      >         This document defines the "Bearer" authentication scheme for the
> >      >         Session Initiation Protocol (SIP), and a mechanism by which user
> >      >         authentication and SIP registration authorization is delegated to a
> >      >         third party, using the OAuth 2.0 framework and OpenID Connect Core
> >      >         1.0.  This document updates RFC 3261 to provide guidance on how a SIP
> >      >         User Agent Client (UAC) responds to a SIP 401/407 response that
> >      >         contains multiple WWW-Authenticate/Proxy-Authenticate header fields.
> >      >
> >      >
> >      >     The IETF datatracker status page for this draft is:
> >      > https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/
> >      >
> >      >     There are also htmlized versions available at:
> >      > https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-10
> >      > https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-10
> >      >
> >      >     A diff from the previous version is available at:
> >      > https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-10
> >      >
> >      >
> >      >     Please note that it may take a couple of minutes from the time of
> >      >     submission until the htmlized version and diff are available at
> >      >     tools.ietf.org.
> >      >
> >      >     Internet-Drafts are also available by anonymous FTP at:
> >      > ftp://ftp.ietf.org/internet-drafts/
> >      >
> >      >
> >      >     _______________________________________________
> >      >     sipcore mailing list
> >      > sipcore@ietf.org <mailto:sipcore@ietf.org>
> >     <mailto:sipcore@ietf.org <mailto:sipcore@ietf.org>>
> >      > https://www.ietf.org/mailman/listinfo/sipcore
> >      >
> >      >
> >
>

--00000000000048500605a176f051--
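
Added example, not part of the thread or of the draft: how a token consumer such as a SIP server could tell apart the two formats named in the proposed section 1.3 and obtain the claims in each case. The HS256 shared key, the claim names, and the in-memory dict standing in for the lookup at the AS are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values (assumptions, not taken from the thread or the draft).
DEMO_KEY = b"constructed-demo-key-shared-by-AS-and-SIP-server"
NOW = 1_700_000_000  # fixed clock so the example is deterministic


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Build a compact JWT as sample input; alg='none' leaves the signature empty."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    if alg == "none":
        return f"{header}.{payload}."
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def token_format(token: str) -> str:
    """'structured' if the token parses as a compact JWT, otherwise 'reference'."""
    parts = token.split(".")
    if len(parts) != 3:
        return "reference"
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return "reference"
    if isinstance(header, dict) and "alg" in header:
        return "structured"
    return "reference"


def resolve_claims(token: str, key: bytes, as_store: dict, now: float) -> dict:
    """Return the claims behind a token, or raise ValueError if it must be refused.

    Structured token: the claims travel inside the token, so they are only
    trusted after the signature verifies. Reference token: the string carries
    nothing, so the claims are looked up at the issuer (as_store stands in
    for that lookup here).
    """
    if token_format(token) == "structured":
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm; refuses alg=none
            raise ValueError("unexpected signature algorithm")
        expected = hmac.new(
            key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256
        ).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            raise ValueError("signature does not verify")
        claims = json.loads(b64url_decode(payload_b64))
    else:
        claims = as_store.get(token)
        if claims is None:
            raise ValueError("reference token unknown to the AS")
    if not isinstance(claims, dict):
        raise ValueError("claims are not a JSON object")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired or missing exp")
    return claims


def accepted(token: str, key: bytes, as_store: dict, now: float) -> bool:
    try:
        resolve_claims(token, key, as_store, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    claims = {"sub": "sip:alice@example.com", "scope": "sip-register", "exp": NOW + 300}
    reference = "r8Qm3kZt0constructedReferenceToken"  # constructed opaque string
    store = {reference: claims}
    samples = {
        "structured": make_jwt(claims, DEMO_KEY),
        "reference": reference,
        "wrong key": make_jwt(claims, b"some-other-key"),
        "alg none": make_jwt(claims, b"", alg="none"),
    }
    for label, tok in samples.items():
        print(label, token_format(tok), accepted(tok, DEMO_KEY, store, NOW))
```
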


From nobody Sun Mar 22 12:58:48 2020
Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F4A43A0894 for <sipcore@ietfa.amsl.com>; Sun, 22 Mar 2020 12:58:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q7XENPWX-T_1 for <sipcore@ietfa.amsl.com>; Sun, 22 Mar 2020 12:58:24 -0700 (PDT)
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2051.outbound.protection.outlook.com [40.107.220.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 545C13A0893 for <sipcore@ietf.org>; Sun, 22 Mar 2020 12:58:20 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=nostrum.com smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none
Received: from MN2PR01CA0058.prod.exchangelabs.com (2603:10b6:208:23f::27) by CY4PR12MB1800.namprd12.prod.outlook.com (2603:10b6:903:122::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.22; Sun, 22 Mar 2020 19:58:19 +0000
Received: from BL2NAM02FT062.eop-nam02.prod.protection.outlook.com (2603:10b6:208:23f:cafe::f2) by MN2PR01CA0058.outlook.office365.com (2603:10b6:208:23f::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.18 via Frontend Transport; Sun, 22 Mar 2020 19:58:19 +0000
Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; nostrum.com; dkim=none (message not signed) header.d=none;nostrum.com; dmarc=bestguesspass action=none header.from=alum.mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com;  client-ip=18.7.68.33; helo=outgoing-alum.mit.edu;
Received: from outgoing-alum.mit.edu (18.7.68.33) by BL2NAM02FT062.mail.protection.outlook.com (10.152.77.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2814.13 via Frontend Transport; Sun, 22 Mar 2020 19:58:19 +0000
Received: from Kokiri.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id 02MJwF8t014663 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sun, 22 Mar 2020 15:58:16 -0400
To: "A. Jean Mahoney" <mahoney@nostrum.com>, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Cc: SIPCORE <sipcore@ietf.org>
References: <158361705031.18112.120711996540216113@ietfa.amsl.com> <CAGL6ep+qk-NZcB6W1zgjH+v7pNs_DOUCu8-Srt6tZupqxELRQg@mail.gmail.com> <f983026c-0d78-fd90-d990-75782cffcdd0@alum.mit.edu> <CAGL6epL4o23xiti=9Z9ap2pORBTHTk4knp=kV1tJsyDojANewA@mail.gmail.com> <f6381ebf-cf08-ba9d-8ff4-55cf644d95c2@nostrum.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <25e8400b-0479-5a93-ba36-697f8af48f87@alum.mit.edu>
Date: Sun, 22 Mar 2020 15:58:15 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.6.0
MIME-Version: 1.0
In-Reply-To: <f6381ebf-cf08-ba9d-8ff4-55cf644d95c2@nostrum.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.7.68.33; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(39860400002)(346002)(376002)(396003)(136003)(199004)(46966005)(86362001)(70206006)(70586007)(26826003)(4326008)(246002)(53546011)(75432002)(5660300002)(31696002)(786003)(316002)(7596002)(31686004)(36906005)(478600001)(2906002)(47076004)(26005)(110136005)(356004)(8676002)(8936002)(186003)(2616005)(956004)(336012); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR12MB1800; H:outgoing-alum.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-alum.mit.edu; A:1; 
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 42909bef-0dfd-4c7e-df27-08d7ce9b5e27
X-MS-TrafficTypeDiagnostic: CY4PR12MB1800:
X-Microsoft-Antispam-PRVS: <CY4PR12MB1800481CC5D54CFF773D8A60F9F30@CY4PR12MB1800.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-Forefront-PRVS: 0350D7A55D
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-OriginatorOrg: alum.mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Mar 2020 19:58:19.0528 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 42909bef-0dfd-4c7e-df27-08d7ce9b5e27
X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33];  Helo=[outgoing-alum.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1800
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/-v8KEhRFABisSUacnPBMDjRKnyk>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-10.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Mar 2020 19:58:26 -0000

Jean,

Comments inline.

On 3/22/20 1:49 PM, A. Jean Mahoney wrote:
> Hi all,
> 
> Would the following text help?
> 
> Current:
> 
> 1.3.  Token Formats
> 
>     Tokens can be represented in two different formats:
> 
>     *  Structured Token: a token that consists of a structured object
>        that contains the claims associated with the token, e.g.  JWT as
>        defined in [RFC7519].
> 
>     *  Reference Token: a token that consists of a random string that is
>        used to obtain the details of the token and its associated claims,
>        as defined in [RFC6749].
> 
>     Access Tokens could be represnetd in one of the above two formats.
>     Refresh Tokens usualy are represented in a reference format, as this
>     token is consumed only the AS that issued the token.  ID Token is
>     defined as a structured token in the form of a JWT.
> 
> 
> Proposed:
> 
> 1.3 Token Types and Formats
> 
>     The tokens used in third-party authorization depend on the type of
>     authorization server (AS).
> 
>     An OAuth authorization server provides the following tokens to
>     a successfully authorized UAC:
> 
>     *  Access token: the UAC will use this token to gain access
>        to services by providing the token to a SIP server.
> 
>     *  Refresh token: the UAC will present this token to the AS
>        to refresh a stale access token.
> 
>     An OpenID Connect server returns an additional token:
> 
>     *  ID Token: this token contains the SIP URI and other
>        user-specific details that will be consumed by the UAC.
> 
>     Tokens can be represented in two different formats:
> 
>     *  Structured token: a token that consists of a structured object
>        that contains the claims associated with the token, e.g.,
>        JSON Web Token (JWT) defined in [RFC7519].
> 
>     *  Reference token: a token that consists of a random string that is
>        used to obtain the details of the token and its associated claims,
>        as defined in [RFC6749].
> 
>     Access tokens can be represented in one of the above two formats.
>     Refresh tokens usually are represented in a reference format, as this
>     token is consumed only the AS that issued the token.  The ID Token is
>     defined as a structured token in the form of a JWT.

This is getting much better.

I think a lot of the problem is that OAuth has been sloppy in choosing 
their terminology.

IIUC there are many varieties of token, varying in at least two dimensions:

- Purpose: Access, Refresh, ID

- Format: Structured, Reference

But it seems that the nomenclature is using "(prefix) Token" to describe 
both. So when referring to "Access Token" it is unspecified whether it 
is Structured or Reference, and when referring to "Reference Token" it 
is unspecified whether it is Access, Refresh, or ID.

In many cases this may be clear from context once all this is clear to 
the reader. But maybe there is room to be more explicit, such as: 
Structured Access Token, or even (Structured or Reference) Access Token.

I've been staring at, and commenting on, this for so long that I no 
longer think I can objectively see what is necessary to make the text clear.

	Thanks,
	Paul
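
Added example (not part of the original message, the draft, or any project's code): the two dimensions discussed above, seen from a registrar. Purpose follows from where the token is presented, while format has to be determined before a structured token can be validated locally or a reference token resolved at the AS. The `Bearer <token>` header value layout, the HS256 key, the in-memory introspection table, and every name and token value below are assumptions constructed for illustration.

```python
import base64
import enum
import hashlib
import hmac
import json

class Purpose(enum.Enum):       # what the token is for
    ACCESS = "access"
    REFRESH = "refresh"
    ID = "id"

class Format(enum.Enum):        # how the token is represented
    STRUCTURED = "structured"   # carries its claims, e.g. a JWT
    REFERENCE = "reference"     # random string resolved at the AS

# Constructed demo values (assumptions, not from the thread or the draft).
NOW = 1585000000                # fixed clock so results are reproducible
AS_KEY = b"constructed-demo-key"
INTROSPECTION_DB = {            # stands in for the AS's introspection endpoint
    "mF_9.B5f-4.1JqM": {"active": True, "sub": "sip:bob@example.com", "exp": NOW + 300},
    "8xLOxBtZp8": {"active": False, "sub": "sip:carol@example.com", "exp": NOW + 300},
}

class TokenRejected(Exception):
    pass

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input):
    return hmac.new(AS_KEY, signing_input.encode(), hashlib.sha256).digest()

def issue_structured(claims, alg="HS256"):
    """AS side: build a JWT. alg="none" produces an unsigned token for the negative case."""
    head = _b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = _mac(f"{head}.{body}") if alg == "HS256" else b""
    return f"{head}.{body}.{_b64url(sig)}"

def classify_format(token):
    """Structured only if the first of three segments decodes to a JSON header with "alg".
    Counting dots is not enough: reference tokens may contain dots too."""
    parts = token.split(".")
    if len(parts) != 3:
        return Format.REFERENCE
    try:
        header = json.loads(_b64url_decode(parts[0]).decode("utf-8"))
    except ValueError:          # bad base64, bad UTF-8 or bad JSON
        return Format.REFERENCE
    if isinstance(header, dict) and "alg" in header:
        return Format.STRUCTURED
    return Format.REFERENCE

def validate_structured(token):
    """Local validation: pinned algorithm, then signature, and only then read the claims."""
    head, body, sig = token.split(".")
    if json.loads(_b64url_decode(head)).get("alg") != "HS256":
        raise TokenRejected("unexpected alg")
    try:
        presented = _b64url_decode(sig)
    except ValueError:
        raise TokenRejected("malformed signature")
    if not hmac.compare_digest(presented, _mac(f"{head}.{body}")):
        raise TokenRejected("bad signature")
    return json.loads(_b64url_decode(body))

def validate_reference(token):
    """Remote validation: the token means nothing until the AS resolves it."""
    record = INTROSPECTION_DB.get(token)
    if not record or record.get("active") is not True:
        raise TokenRejected("unknown or inactive token")
    return record

def registrar_accept(authorization_value, now=NOW):
    """Registrar side: returns (purpose, format, subject) or raises TokenRejected."""
    scheme, _, token = authorization_value.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        raise TokenRejected("not a Bearer credential")
    fmt = classify_format(token)
    if fmt is Format.STRUCTURED:
        claims = validate_structured(token)
    else:
        claims = validate_reference(token)
    exp, sub = claims.get("exp"), claims.get("sub")
    if not isinstance(exp, (int, float)) or exp <= now or not sub:
        raise TokenRejected("expired token or missing claims")
    # Purpose is not readable from the token: it follows from where it was presented.
    return Purpose.ACCESS, fmt, sub

if __name__ == "__main__":
    jwt = issue_structured({"sub": "sip:alice@example.com", "exp": NOW + 300})
    for value in ("Bearer " + jwt, "Bearer mF_9.B5f-4.1JqM", "Bearer 8xLOxBtZp8"):
        try:
            print(registrar_accept(value))
        except TokenRejected as err:
            print("rejected:", err)
```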


From nobody Sun Mar 22 13:55:53 2020
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C3883A0833 for <sipcore@ietfa.amsl.com>; Sun, 22 Mar 2020 13:55:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GVm3W00Wmqmj for <sipcore@ietfa.amsl.com>; Sun, 22 Mar 2020 13:55:40 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70051.outbound.protection.outlook.com [40.107.7.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B8403A0800 for <sipcore@ietf.org>; Sun, 22 Mar 2020 13:55:38 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
Received: from AM0PR07MB3987.eurprd07.prod.outlook.com (52.134.82.159) by AM0PR07MB6019.eurprd07.prod.outlook.com (20.178.112.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.12; Sun, 22 Mar 2020 20:55:36 +0000
Received: from AM0PR07MB3987.eurprd07.prod.outlook.com ([fe80::57b:b81e:33ec:5512]) by AM0PR07MB3987.eurprd07.prod.outlook.com ([fe80::57b:b81e:33ec:5512%7]) with mapi id 15.20.2856.003; Sun, 22 Mar 2020 20:55:36 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>, "A. Jean Mahoney" <mahoney@nostrum.com>
CC: SIPCORE <sipcore@ietf.org>
Thread-Topic: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-10.txt
Thread-Index: AQHV9Mil8bEoekvAOky0WAsxxpkbVKg9qImAgABV44CACLsfgIAOQVMAgAAj8oCAADGeAA==
Date: Sun, 22 Mar 2020 20:55:36 +0000
Message-ID: <B9D8A02D-2AA9-4AA5-B296-8D1C95335064@ericsson.com>
References: <158361705031.18112.120711996540216113@ietfa.amsl.com> <CAGL6ep+qk-NZcB6W1zgjH+v7pNs_DOUCu8-Srt6tZupqxELRQg@mail.gmail.com> <f983026c-0d78-fd90-d990-75782cffcdd0@alum.mit.edu> <CAGL6epL4o23xiti=9Z9ap2pORBTHTk4knp=kV1tJsyDojANewA@mail.gmail.com> <f6381ebf-cf08-ba9d-8ff4-55cf644d95c2@nostrum.com> <CAGL6epJKWT8BSCsaDq6a-zJCPabX6vXTN-wCNR-Rz8uy3tx_8Q@mail.gmail.com>
In-Reply-To: <CAGL6epJKWT8BSCsaDq6a-zJCPabX6vXTN-wCNR-Rz8uy3tx_8Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.1e.0.191013
authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com; 
x-originating-ip: [188.127.223.154]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d2e1103d-e3b8-459c-f59f-08d7cea35efd
x-ms-traffictypediagnostic: AM0PR07MB6019:
x-microsoft-antispam-prvs: <AM0PR07MB6019A8E62CBDC7AAEE6D98F593F30@AM0PR07MB6019.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0350D7A55D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(366004)(39860400002)(136003)(376002)(346002)(199004)(6486002)(478600001)(5660300002)(6512007)(71200400001)(86362001)(91956017)(76116006)(4326008)(66446008)(66946007)(2906002)(110136005)(64756008)(66574012)(33656002)(66476007)(66556008)(966005)(186003)(8936002)(26005)(44832011)(2616005)(81156014)(8676002)(81166006)(6506007)(36756003)(53546011)(316002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR07MB6019; H:AM0PR07MB3987.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; 
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_B9D8A02D2AA94AA5B2968D1C95335064ericssoncom_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d2e1103d-e3b8-459c-f59f-08d7cea35efd
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Mar 2020 20:55:36.3748 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB6019
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/fiS0se6_UhCBm7-tBIIHlvbIXHw>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-10.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Mar 2020 20:55:43 -0000

--_000_B9D8A02D2AA94AA5B2968D1C95335064ericssoncom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
--_000_B9D8A02D2AA94AA5B2968D1C95335064ericssoncom_
Content-Type: text/html; charset="utf-8"
Content-ID: <F90CBFF2141C574B83D9F4D8705FD8B5@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
--_000_B9D8A02D2AA94AA5B2968D1C95335064ericssoncom_--


From nobody Sun Mar 22 14:33:25 2020
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA1803A053E for <sipcore@ietfa.amsl.com>; Sun, 22 Mar 2020 14:33:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.564
X-Spam-Level: 
X-Spam-Status: No, score=-3.564 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-1.463, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id diWOLtmaVmzS for <sipcore@ietfa.amsl.com>; Sun, 22 Mar 2020 14:33:20 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70042.outbound.protection.outlook.com [40.107.7.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52F473A047F for <sipcore@ietf.org>; Sun, 22 Mar 2020 14:33:19 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
Received: from AM0PR07MB3987.eurprd07.prod.outlook.com (52.134.82.159) by AM0PR07MB4003.eurprd07.prod.outlook.com (52.134.81.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.12; Sun, 22 Mar 2020 21:33:17 +0000
Received: from AM0PR07MB3987.eurprd07.prod.outlook.com ([fe80::57b:b81e:33ec:5512]) by AM0PR07MB3987.eurprd07.prod.outlook.com ([fe80::57b:b81e:33ec:5512%7]) with mapi id 15.20.2856.003; Sun, 22 Mar 2020 21:33:17 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>, "A. Jean Mahoney" <mahoney@nostrum.com>, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
CC: SIPCORE <sipcore@ietf.org>
Thread-Topic: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-10.txt
Thread-Index: AQHV9Mil8bEoekvAOky0WAsxxpkbVKg9qImAgABV44CACLsfgIAOQVMAgAAkA4CAADwTAA==
Date: Sun, 22 Mar 2020 21:33:17 +0000
Message-ID: <93445FCF-D180-44E8-A201-127CF04703DD@ericsson.com>
References: <158361705031.18112.120711996540216113@ietfa.amsl.com> <CAGL6ep+qk-NZcB6W1zgjH+v7pNs_DOUCu8-Srt6tZupqxELRQg@mail.gmail.com> <f983026c-0d78-fd90-d990-75782cffcdd0@alum.mit.edu> <CAGL6epL4o23xiti=9Z9ap2pORBTHTk4knp=kV1tJsyDojANewA@mail.gmail.com> <f6381ebf-cf08-ba9d-8ff4-55cf644d95c2@nostrum.com> <25e8400b-0479-5a93-ba36-697f8af48f87@alum.mit.edu>
In-Reply-To: <25e8400b-0479-5a93-ba36-697f8af48f87@alum.mit.edu>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.1e.0.191013
authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com; 
x-originating-ip: [188.127.223.154]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 5cf743de-91e6-4ff9-2d2a-08d7cea8a290
x-ms-traffictypediagnostic: AM0PR07MB4003:
x-microsoft-antispam-prvs: <AM0PR07MB400315F2546376273E63597293F30@AM0PR07MB4003.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0350D7A55D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(39860400002)(366004)(136003)(396003)(376002)(199004)(44832011)(76116006)(91956017)(316002)(33656002)(478600001)(26005)(6512007)(36756003)(186003)(64756008)(66556008)(66476007)(66446008)(66946007)(71200400001)(8676002)(6486002)(110136005)(81156014)(81166006)(5660300002)(4326008)(6506007)(2616005)(86362001)(8936002)(2906002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR07MB4003; H:AM0PR07MB3987.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; 
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <E7572823BEB897498AF0BF5B54A2D24E@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 5cf743de-91e6-4ff9-2d2a-08d7cea8a290
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Mar 2020 21:33:17.2040 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB4003
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/P09CSjA1sw0kndeWMnvPRlp-kpQ>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-10.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Mar 2020 21:33:23 -0000

From nobody Mon Mar 23 17:10:02 2020
Return-Path: <internet-drafts@ietf.org>
X-Original-To: sipcore@ietf.org
Delivered-To: sipcore@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 22AC13A0F40; Mon, 23 Mar 2020 17:10:00 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: sipcore@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.122.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: sipcore@ietf.org
Message-ID: <158500860004.2351.8523147736186811547@ietfa.amsl.com>
Date: Mon, 23 Mar 2020 17:10:00 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/N-G1A4O2T6F2u2JuwJjTCjy-hk0>
Subject: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-11.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Mar 2020 00:10:00 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Session Initiation Protocol Core WG of the IETF.

        Title           : Third-Party Token-based Authentication and Authorization for Session Initiation Protocol (SIP)
        Authors         : Rifaat Shekh-Yusef
                          Christer Holmberg
                          Victor Pascual
	Filename        : draft-ietf-sipcore-sip-token-authnz-11.txt
	Pages           : 14
	Date            : 2020-03-23

Abstract:
   This document defines the "Bearer" authentication scheme for the
   Session Initiation Protocol (SIP), and a mechanism by which user
   authentication and SIP registration authorization is delegated to a
   third party, using the OAuth 2.0 framework and OpenID Connect Core
   1.0.  This document updates RFC 3261 to provide guidance on how a SIP
   User Agent Client (UAC) responds to a SIP 401/407 response that
   contains multiple WWW-Authenticate/Proxy-Authenticate header fields.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-11
https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-11

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-11


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



From nobody Mon Mar 23 17:17:29 2020
Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2D4A3A0E2E for <sipcore@ietfa.amsl.com>; Mon, 23 Mar 2020 17:17:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vAtDyg55NPgh for <sipcore@ietfa.amsl.com>; Mon, 23 Mar 2020 17:17:23 -0700 (PDT)
Received: from mail-io1-xd31.google.com (mail-io1-xd31.google.com [IPv6:2607:f8b0:4864:20::d31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA9113A0ED7 for <sipcore@ietf.org>; Mon, 23 Mar 2020 17:17:22 -0700 (PDT)
Received: by mail-io1-xd31.google.com with SMTP id h131so16414153iof.1 for <sipcore@ietf.org>; Mon, 23 Mar 2020 17:17:22 -0700 (PDT)
X-Received: by 2002:a02:6042:: with SMTP id d2mr11643111jaf.121.1585009041887;  Mon, 23 Mar 2020 17:17:21 -0700 (PDT)
MIME-Version: 1.0
References: <158500860004.2351.8523147736186811547@ietfa.amsl.com>
In-Reply-To: <158500860004.2351.8523147736186811547@ietfa.amsl.com>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Mon, 23 Mar 2020 20:17:11 -0400
Message-ID: <CAGL6epKwO7LnxwY0f0BG9NhQzis_FPor-WF+ZFAZ6wpKUaHD6Q@mail.gmail.com>
To: SIPCORE <sipcore@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e8550f05a18eac83"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/e4jZqcOXNbMFXFJWoKUFIhjHO6A>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-11.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group  <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Mar 2020 00:17:26 -0000

--000000000000e8550f05a18eac83
Content-Type: text/plain; charset="UTF-8"

All,

This version of the document incorporates Jean's suggested text.
Hope this helps clarify the different token types and formats.

Note that section 3 already explains what the registrar should do when it
receives an access token with either of these formats.

Regards,
 Rifaat


On Mon, Mar 23, 2020 at 8:10 PM <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Session Initiation Protocol Core WG of
> the IETF.
>
>         Title           : Third-Party Token-based Authentication and
> Authorization for Session Initiation Protocol (SIP)
>         Authors         : Rifaat Shekh-Yusef
>                           Christer Holmberg
>                           Victor Pascual
>         Filename        : draft-ietf-sipcore-sip-token-authnz-11.txt
>         Pages           : 14
>         Date            : 2020-03-23
>
> Abstract:
>    This document defines the "Bearer" authentication scheme for the
>    Session Initiation Protocol (SIP), and a mechanism by which user
>    authentication and SIP registration authorization is delegated to a
>    third party, using the OAuth 2.0 framework and OpenID Connect Core
>    1.0.  This document updates RFC 3261 to provide guidance on how a SIP
>    User Agent Client (UAC) responds to a SIP 401/407 response that
>    contains multiple WWW-Authenticate/Proxy-Authenticate header fields.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-11
>
> https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-11
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-11
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.ietf.org/mailman/listinfo/sipcore
>

--000000000000e8550f05a18eac83--


From nobody Tue Mar 24 10:42:04 2020
Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82FC53A0DE2 for <sipcore@ietfa.amsl.com>; Tue, 24 Mar 2020 10:41:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001,  URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dtcqgLiixuFQ for <sipcore@ietfa.amsl.com>; Tue, 24 Mar 2020 10:41:43 -0700 (PDT)
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-cys01nam02on0621.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe45::621]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CD363A0DE9 for <sipcore@ietf.org>; Tue, 24 Mar 2020 10:41:43 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none
Received: from DM5PR06CA0030.namprd06.prod.outlook.com (2603:10b6:3:5d::16) by CH2PR12MB3813.namprd12.prod.outlook.com (2603:10b6:610:2c::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.22; Tue, 24 Mar 2020 17:41:17 +0000
Received: from SN1NAM02FT038.eop-nam02.prod.protection.outlook.com (2603:10b6:3:5d:cafe::72) by DM5PR06CA0030.outlook.office365.com (2603:10b6:3:5d::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.15 via Frontend Transport; Tue, 24 Mar 2020 17:41:17 +0000
Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=alum.mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com;  client-ip=18.7.68.33; helo=outgoing-alum.mit.edu;
Received: from outgoing-alum.mit.edu (18.7.68.33) by SN1NAM02FT038.mail.protection.outlook.com (10.152.72.69) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2814.13 via Frontend Transport; Tue, 24 Mar 2020 17:41:17 +0000
Received: from Kokiri.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id 02OHfEkl019992 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for <sipcore@ietf.org>; Tue, 24 Mar 2020 13:41:15 -0400
To: sipcore@ietf.org
References: <158500860004.2351.8523147736186811547@ietfa.amsl.com> <CAGL6epKwO7LnxwY0f0BG9NhQzis_FPor-WF+ZFAZ6wpKUaHD6Q@mail.gmail.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <903a1aef-0480-c746-401d-2630ffb03fd1@alum.mit.edu>
Date: Tue, 24 Mar 2020 13:41:14 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.6.0
MIME-Version: 1.0
In-Reply-To: <CAGL6epKwO7LnxwY0f0BG9NhQzis_FPor-WF+ZFAZ6wpKUaHD6Q@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/w7Bhx8pOuTM54f9TjacW13KSjUM>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-11.txt
X-List-Received-Date: Tue, 24 Mar 2020 17:42:03 -0000

Rifaat,

This is much better! The things I found confusing now seem clear.

Just a few nits I came across while reviewing this version.

In section 1.3: s/represnetd/represented/

In section 1.4.2, the following:

    In step [2], the UAC retries the registration process by sending a
    new REGISTER request that includes the access token that the UAC
    obtained previously.

says "retries", but [2] is actually the first try. I guess this is just 
a cut/paste error from 1.4.1.

In section 2.2:

    ...
    MUST validate the access token, using the procedures associated with
    the type of access token used, e.g.  [RFC7519]. ...

I think it would be helpful to explain which types you are talking 
about. E.g.,

    ...
    MUST validate the access token, using the procedures associated with
    the type of access token (Structured or Reference) used, e.g.
    [RFC7519]. ...

	Thanks,
	Paul




From nobody Tue Mar 24 11:11:55 2020
Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20B033A089F for <sipcore@ietfa.amsl.com>; Tue, 24 Mar 2020 11:11:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 57okIHeWKPKj for <sipcore@ietfa.amsl.com>; Tue, 24 Mar 2020 11:11:50 -0700 (PDT)
Received: from mail-il1-x131.google.com (mail-il1-x131.google.com [IPv6:2607:f8b0:4864:20::131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B027B3A0746 for <sipcore@ietf.org>; Tue, 24 Mar 2020 11:11:50 -0700 (PDT)
Received: by mail-il1-x131.google.com with SMTP id a6so5276175ilr.4 for <sipcore@ietf.org>; Tue, 24 Mar 2020 11:11:50 -0700 (PDT)
X-Received: by 2002:a92:5f98:: with SMTP id i24mr27877636ill.73.1585073509947;  Tue, 24 Mar 2020 11:11:49 -0700 (PDT)
MIME-Version: 1.0
References: <158500860004.2351.8523147736186811547@ietfa.amsl.com> <CAGL6epKwO7LnxwY0f0BG9NhQzis_FPor-WF+ZFAZ6wpKUaHD6Q@mail.gmail.com> <903a1aef-0480-c746-401d-2630ffb03fd1@alum.mit.edu>
In-Reply-To: <903a1aef-0480-c746-401d-2630ffb03fd1@alum.mit.edu>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Tue, 24 Mar 2020 14:11:40 -0400
Message-ID: <CAGL6epJLZBKz2yAHv8N_CEaLKFoFpSXDmP_gOu8FTWtQfG59sQ@mail.gmail.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
Cc: SIPCORE <sipcore@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000081017705a19daf62"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/YkVqzzsLI32TnDCPKUQj8tlgU6g>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-11.txt
X-List-Received-Date: Tue, 24 Mar 2020 18:11:53 -0000

--00000000000081017705a19daf62
Content-Type: text/plain; charset="UTF-8"

Thanks Paul!

I will fix these and submit a new version later today.

Regards,
 Rifaat



--00000000000081017705a19daf62--


From nobody Tue Mar 24 11:56:21 2020
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: sipcore@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.122.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: sipcore@ietf.org
Message-ID: <158507617089.11617.13752333651706106065@ietfa.amsl.com>
Date: Tue, 24 Mar 2020 11:56:10 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/fwkvfkJcnBXGUGLeWXVI1MESJJE>
Subject: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-12.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Session Initiation Protocol Core WG of the IETF.

        Title           : Third-Party Token-based Authentication and Authorization for Session Initiation Protocol (SIP)
        Authors         : Rifaat Shekh-Yusef
                          Christer Holmberg
                          Victor Pascual
        Filename        : draft-ietf-sipcore-sip-token-authnz-12.txt
        Pages           : 14
        Date            : 2020-03-24

Abstract:
   This document defines the "Bearer" authentication scheme for the
   Session Initiation Protocol (SIP), and a mechanism by which user
   authentication and SIP registration authorization is delegated to a
   third party, using the OAuth 2.0 framework and OpenID Connect Core
   1.0.  This document updates RFC 3261 to provide guidance on how a SIP
   User Agent Client (UAC) responds to a SIP 401/407 response that
   contains multiple WWW-Authenticate/Proxy-Authenticate header fields.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-12
https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-12

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-12


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



From nobody Tue Mar 24 12:01:08 2020
MIME-Version: 1.0
References: <158507617089.11617.13752333651706106065@ietfa.amsl.com>
In-Reply-To: <158507617089.11617.13752333651706106065@ietfa.amsl.com>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Tue, 24 Mar 2020 15:00:28 -0400
Message-ID: <CAGL6epK5=o1qy5TUeBZOteN85DVp5Mkt8RFZCVXAzLYRN_TtiA@mail.gmail.com>
To: SIPCORE <sipcore@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000149aae05a19e5e69"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/tuPg70V0iHy7nqFPvlaFgY-GDzo>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-12.txt

--000000000000149aae05a19e5e69
Content-Type: text/plain; charset="UTF-8"

All,

We believe that with this version we have addressed all the comments we
received and that the document is ready to move forward.
Please, take a look and let us know if you have any further comments.

Regards,
 Rifaat


On Tue, Mar 24, 2020 at 2:58 PM <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Session Initiation Protocol Core WG of
> the IETF.
>
>         Title           : Third-Party Token-based Authentication and
> Authorization for Session Initiation Protocol (SIP)
>         Authors         : Rifaat Shekh-Yusef
>                           Christer Holmberg
>                           Victor Pascual
>         Filename        : draft-ietf-sipcore-sip-token-authnz-12.txt
>         Pages           : 14
>         Date            : 2020-03-24
>
> Abstract:
>    This document defines the "Bearer" authentication scheme for the
>    Session Initiation Protocol (SIP), and a mechanism by which user
>    authentication and SIP registration authorization is delegated to a
>    third party, using the OAuth 2.0 framework and OpenID Connect Core
>    1.0.  This document updates RFC 3261 to provide guidance on how a SIP
>    User Agent Client (UAC) responds to a SIP 401/407 response that
>    contains multiple WWW-Authenticate/Proxy-Authenticate header fields.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-12
>
> https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-12
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-12
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.ietf.org/mailman/listinfo/sipcore
>


--000000000000149aae05a19e5e69--


From nobody Wed Mar 25 06:20:01 2020
To: sipcore@ietf.org
References: <158507617089.11617.13752333651706106065@ietfa.amsl.com> <CAGL6epK5=o1qy5TUeBZOteN85DVp5Mkt8RFZCVXAzLYRN_TtiA@mail.gmail.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <36d3574c-6dda-225b-cb2b-740f7bf749e2@alum.mit.edu>
Date: Wed, 25 Mar 2020 09:19:42 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.6.0
MIME-Version: 1.0
In-Reply-To: <CAGL6epK5=o1qy5TUeBZOteN85DVp5Mkt8RFZCVXAzLYRN_TtiA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/Af6MsftV0Xy1CFrpylBnWDfzIdk>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-12.txt

On 3/24/20 3:00 PM, Rifaat Shekh-Yusef wrote:
> All,
> 
> We believe that with this version we have addressed all the comments we 
> received and that the document is ready to move forward.
> Please, take a look and let us know if you have any further comments.

This looks good to me!

	Thanks,
	Paul

> Regards,
>   Rifaat
> 
> 
> On Tue, Mar 24, 2020 at 2:58 PM <internet-drafts@ietf.org 
> <mailto:internet-drafts@ietf.org>> wrote:
> 
> 
>     A New Internet-Draft is available from the on-line Internet-Drafts
>     directories.
>     This draft is a work item of the Session Initiation Protocol Core WG
>     of the IETF.
> 
>              Title           : Third-Party Token-based Authentication
>     and Authorization for Session Initiation Protocol (SIP)
>              Authors         : Rifaat Shekh-Yusef
>                                Christer Holmberg
>                                Victor Pascual
>              Filename        : draft-ietf-sipcore-sip-token-authnz-12.txt
>              Pages           : 14
>              Date            : 2020-03-24
> 
>     Abstract:
>         This document defines the "Bearer" authentication scheme for the
>         Session Initiation Protocol (SIP), and a mechanism by which user
>         authentication and SIP registration authorization is delegated to a
>         third party, using the OAuth 2.0 framework and OpenID Connect Core
>         1.0.  This document updates RFC 3261 to provide guidance on how
>     a SIP
>         User Agent Client (UAC) responds to a SIP 401/407 response that
>         contains multiple WWW-Authenticate/Proxy-Authenticate header fields.
> 
> 
>     The IETF datatracker status page for this draft is:
>     https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/
> 
>     There are also htmlized versions available at:
>     https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-12
>     https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-12
>     <https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-12>
> 
>     A diff from the previous version is available at:
>     https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-12
> 
> 
>     Please note that it may take a couple of minutes from the time of
>     submission
>     until the htmlized version and diff are available at tools.ietf.org
>     <http://tools.ietf.org>.
> 
>     Internet-Drafts are also available by anonymous FTP at:
>     ftp://ftp.ietf.org/internet-drafts/
> 
> 
>     _______________________________________________
>     sipcore mailing list
>     sipcore@ietf.org <mailto:sipcore@ietf.org>
>     https://www.ietf.org/mailman/listinfo/sipcore
> 
> 
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.ietf.org/mailman/listinfo/sipcore
> 


From nobody Wed Mar 25 06:23:11 2020
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>, "sipcore@ietf.org" <sipcore@ietf.org>
Thread-Topic: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-12.txt
Thread-Index: AQHWAg4neK+WLncTDk6d3e3iN5teNqhYGNoAgAEzIACAACJqgA==
Date: Wed, 25 Mar 2020 13:22:53 +0000
Message-ID: <A3333C9D-FCAA-4412-AEF0-CF8490603F47@ericsson.com>
References: <158507617089.11617.13752333651706106065@ietfa.amsl.com> <CAGL6epK5=o1qy5TUeBZOteN85DVp5Mkt8RFZCVXAzLYRN_TtiA@mail.gmail.com> <36d3574c-6dda-225b-cb2b-740f7bf749e2@alum.mit.edu>
In-Reply-To: <36d3574c-6dda-225b-cb2b-740f7bf749e2@alum.mit.edu>
Accept-Language: en-US
Content-Language: en-GB
Content-Type: text/plain; charset="utf-8"
Content-ID: <515C6FB623E46E4E9C5442B2665968DF@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/oUqoURge67SSkSVM1paA8mPyis8>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-12.txt


From nobody Thu Mar 26 22:26:49 2020
Return-Path: <noreply@ietf.org>
X-Original-To: sipcore@ietf.org
Delivered-To: sipcore@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 389AB3A0DCA; Thu, 26 Mar 2020 22:26:10 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Murray Kucherawy via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sipcore-callinfo-spam@ietf.org, sipcore-chairs@ietf.org, sipcore@ietf.org, Brian Rosen <br@brianrosen.net>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.123.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Murray Kucherawy <superuser@gmail.com>
Message-ID: <158528677014.5303.3876813623985941028@ietfa.amsl.com>
Date: Thu, 26 Mar 2020 22:26:10 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/inLOk07dcnfkpGPhmkNpBPpS7ZY>
Subject: [sipcore] Murray Kucherawy's No Objection on draft-ietf-sipcore-callinfo-spam-04: (with COMMENT)

Murray Kucherawy has entered the following ballot position for
draft-ietf-sipcore-callinfo-spam-04: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sipcore-callinfo-spam/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I'll take over Adam's "Yes" position shortly, after I check on a process point.

I concur with most or all of Barry's suggested edits and encourage you to
consider them when preparing a new version.  I also support Alissa's and
Magnus' DISCUSS positions.

The third paragraph of Section 3 left me uncertain about whether all the
references to "header" vs. "header field" were correct.  Might be worth another
look.

In the lists in Sections 4 and 5, I suggest putting colons after each of the
hanging labels.  Separating them from the prose by just a couple of spaces
doesn't seem to be enough.

I'm curious about the second paragraph in Section 9; under what circumstances
might one deviate from the SHOULD?




From nobody Sat Mar 28 14:19:25 2020
Return-Path: <noreply@ietf.org>
X-Original-To: sipcore@ietf.org
Delivered-To: sipcore@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 347D73A00D8; Sat, 28 Mar 2020 14:19:23 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Jean Mahoney via Datatracker <noreply@ietf.org>
To: <superuser@gmail.com>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.123.1
Auto-Submitted: auto-generated
Precedence: bulk
Cc: iesg-secretary@ietf.org, sipcore@ietf.org, Jean Mahoney <mahoney@nostrum.com>, mahoney@nostrum.com, sipcore-chairs@ietf.org
Message-ID: <158543036264.30700.1471653651590781791@ietfa.amsl.com>
Date: Sat, 28 Mar 2020 14:19:23 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/JaQ5yFo8f3KYMR7mWHln1YqMuyY>
Subject: [sipcore] Publication has been requested for draft-ietf-sipcore-sip-token-authnz-12

Jean Mahoney has requested publication of draft-ietf-sipcore-sip-token-authnz-12 as Proposed Standard on behalf of the SIPCORE working group.

Please verify the document's state at https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/



From nobody Sat Mar 28 17:55:52 2020
MIME-Version: 1.0
References: <158543036264.30700.1471653651590781791@ietfa.amsl.com>
In-Reply-To: <158543036264.30700.1471653651590781791@ietfa.amsl.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Sat, 28 Mar 2020 17:55:34 -0700
Message-ID: <CAL0qLwac-FdzpSZevHgUQiU--FutKANCCGGQ43-2c_Zwy3Tj5w@mail.gmail.com>
To: sipcore@ietf.org
Content-Type: multipart/alternative; boundary="00000000000087ee1605a1f3cbfd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/lUMbOeh-6rIAgngwoo6-t0sngFI>
Subject: Re: [sipcore] Publication has been requested for draft-ietf-sipcore-sip-token-authnz-12

--00000000000087ee1605a1f3cbfd
Content-Type: text/plain; charset="UTF-8"

On Sat, Mar 28, 2020 at 2:19 PM Jean Mahoney via Datatracker <
noreply@ietf.org> wrote:

> Jean Mahoney has requested publication of
> draft-ietf-sipcore-sip-token-authnz-12 as Proposed Standard on behalf of
> the SIPCORE working group.
>
> Please verify the document's state at
> https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/
>

First round of AD Evaluation comments.  I'm learning SIP as I go here, so
please be gentle in your responses to what might be neophyte questions.  :-)

Section 1.3:
Nits:
* s/usualy/usually/
* "... consumed only the AS ..." -- s/only/only by/

Section 2.1.1:
Nits:
* "In which case, ..." -- s/which/that/
* "... authorize UAC's access ..." -- insert "the" before "UAC's"

Section 2.2:
* The SHOULD in the first paragraph is curious.  Under what circumstances
might you do anything other than what it says there?

Section 3:
Nit:
* "The methods used and the access provided by the token is based on..." --
s/is/are/
* Why is "REGISTRAR" in all-caps?

Section 4:
* In the ABNF I believe it's more conventional to say in the prose that
this, that, or the-other tokens are imported from [RFCxxxx], without also
saying so in the ABNF itself.  This isn't a blocker, but an ABNF parser
might whine about what's present in this version of the document, and some
reviewer downstream of me might then squawk about it.

-MSK

--00000000000087ee1605a1f3cbfd--


From nobody Sun Mar 29 01:43:43 2020
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>, "sipcore@ietf.org" <sipcore@ietf.org>
Thread-Topic: [sipcore] Publication has been requested for draft-ietf-sipcore-sip-token-authnz-12
Thread-Index: AQHWBUej+xuJLfcWU0mGAUR+BxxToKhevvEAgAC1EYA=
Date: Sun, 29 Mar 2020 08:43:37 +0000
Message-ID: <3BAD376C-C634-49CE-9C05-8D37A049461C@ericsson.com>
References: <158543036264.30700.1471653651590781791@ietfa.amsl.com> <CAL0qLwac-FdzpSZevHgUQiU--FutKANCCGGQ43-2c_Zwy3Tj5w@mail.gmail.com>
In-Reply-To: <CAL0qLwac-FdzpSZevHgUQiU--FutKANCCGGQ43-2c_Zwy3Tj5w@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/RyEyowP5WcIZjKGIYMduldv0J4c>
Subject: Re: [sipcore] Publication has been requested for draft-ietf-sipcore-sip-token-authnz-12

From nobody Sun Mar 29 11:33:08 2020
To: "Murray S. Kucherawy" <superuser@gmail.com>, sipcore@ietf.org
References: <158543036264.30700.1471653651590781791@ietfa.amsl.com> <CAL0qLwac-FdzpSZevHgUQiU--FutKANCCGGQ43-2c_Zwy3Tj5w@mail.gmail.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <74483989-228d-b9e9-1866-8da904c0908f@alum.mit.edu>
Date: Sun, 29 Mar 2020 14:32:49 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.6.0
MIME-Version: 1.0
In-Reply-To: <CAL0qLwac-FdzpSZevHgUQiU--FutKANCCGGQ43-2c_Zwy3Tj5w@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/-UslubNm06jlX9E515m0oC_jV7E>
Subject: Re: [sipcore] Publication has been requested for draft-ietf-sipcore-sip-token-authnz-12

Murray,

On 3/28/20 8:55 PM, Murray S. Kucherawy wrote:

> Section 4:
> * In the ABNF I believe it's more conventional to say in the prose that 
> this, that, or the-other tokens are imported from [RFCxxxx], without 
> also saying so in the ABNF itself.  This isn't a blocker, but an ABNF 
> parser might whine about what's present in this version of the document, 
> and some reviewer downstream of me might then squawk about it.

It was changed to the current form from the "conventional" way at my 
request. The reason is to assist in mechanical verification of the ABNF. 
With the "conventional" way, if you run the ABNF through an ABNF 
verifier you get a bunch of errors due to undefined rules. Using this 
form the verifier has definitions of the rules and is happy.

Of course, if you are trying to generate a *parser* then you need to 
supply the *actual* rules, from their respective documents. That will 
take hands-on no matter what.

(I've tried, off and on, to get people interested in ABNF enhancements 
that permit actually parsing the cross document references and 
assembling a complete set of all the needed ABNF rules so that complete 
verification (and potentially parser generation) can be done. But there 
hasn't been much interest in that.)

	Thanks,
	Paul
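
The verifier behaviour discussed in the message above, as an added example that is not part of the thread or the draft: a small undefined-rule check run over the same grammar written both ways. The grammar fragment is constructed (the imported names are assumed to be RFC 3261 rules), and the `<defined in RFC 3261>` prose-val stub is an assumption about what "saying so in the ABNF itself" looks like, since the draft's ABNF is not quoted here.

```python
import re

# Core rules of RFC 5234 Appendix B.1; a grammar may use them without defining them.
CORE_RULES = {"alpha", "bit", "char", "cr", "crlf", "ctl", "digit", "dquote",
              "hexdig", "htab", "lf", "lwsp", "octet", "sp", "vchar", "wsp"}

# A rule definition starts in column 0; indented lines continue the previous rule.
RULE_START = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)[ \t]*=/?")

# Elements are matched as whole units so that text inside strings, prose-vals
# and comments is never mistaken for a rule reference.
TOKEN = re.compile(
    r'(?P<str>(?:%[si])?"[^"]*")'
    r"|(?P<prose><[^>]*>)"
    r"|(?P<num>%[bdxBDX][0-9A-Fa-f.-]+)"
    r"|(?P<comment>;.*)"
    r"|(?P<name>[A-Za-z][A-Za-z0-9-]*)"
)


def analyze(grammar):
    """Return (kinds, referenced).

    kinds maps each defined rule to the element kinds its body uses;
    referenced maps each referenced rule name to the rules that use it.
    Rule names are case-insensitive in ABNF, so everything is lower-cased.
    """
    kinds, referenced, current = {}, {}, None
    for line in grammar.splitlines():
        start = RULE_START.match(line)
        if start:
            current = start.group(1).lower()
            kinds.setdefault(current, set())
            line = line[start.end():]
        if current is None:
            continue  # text before the first rule (e.g. a leading comment)
        for tok in TOKEN.finditer(line):
            if tok.lastgroup == "comment":
                continue
            kinds[current].add(tok.lastgroup)
            if tok.lastgroup == "name":
                referenced.setdefault(tok.group().lower(), set()).add(current)
    return kinds, referenced


def undefined_rules(grammar):
    """Names a verifier would flag: referenced, never defined, not core rules."""
    kinds, referenced = analyze(grammar)
    return sorted(n for n in referenced if n not in kinds and n not in CORE_RULES)


def imported_rules(grammar):
    """Rules whose whole body is a prose-val stub. These satisfy a verifier,
    but a parser generator still needs the real definitions supplied by hand."""
    kinds, _ = analyze(grammar)
    return sorted(name for name, used in kinds.items() if used == {"prose"})


# Constructed grammar, "conventional" form: imports are named only in prose.
CONVENTIONAL = """\
; constructed fragment, "not" taken from the draft
token-challenge = "Bearer" LWS token-param *(COMMA token-param)
token-param     = realm / scope-param
                  / auth-param
scope-param     = "scope" EQUAL quoted-string ; token scope
"""

# Same grammar with each import stubbed in the ABNF itself (assumed form).
SELF_DESCRIBING = CONVENTIONAL + """\
LWS             = <defined in RFC 3261>
COMMA           = <defined in RFC 3261>
EQUAL           = <defined in RFC 3261>
realm           = <defined in RFC 3261>
auth-param      = <defined in RFC 3261>
quoted-string   = <defined in RFC 3261>
"""

if __name__ == "__main__":
    print("conventional, undefined:   ", undefined_rules(CONVENTIONAL))
    print("self-describing, undefined:", undefined_rules(SELF_DESCRIBING))
    print("still to supply for parser:", imported_rules(SELF_DESCRIBING))
```
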

