From 6d32362bf3ba61403865bd6945b09a3a263d84cc Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Fri, 8 Mar 2024 11:46:20 -0500 Subject: [PATCH 1/4] Add IANA registration for JWS types --- draft-ietf-gnap-core-protocol.md | 195 ++++++++++++++++++++++++++++++- 1 file changed, 192 insertions(+), 3 deletions(-) diff --git a/draft-ietf-gnap-core-protocol.md b/draft-ietf-gnap-core-protocol.md index f423161..c32111d 100644 --- a/draft-ietf-gnap-core-protocol.md +++ b/draft-ietf-gnap-core-protocol.md @@ -81,8 +81,10 @@ normative: ins: E. Maler informative: + RFC2046: RFC4107: RFC6202: + RFC6838: RFC6973: RFC7518: RFC8707: @@ -142,6 +144,18 @@ informative: ins: K. Greene - ins: M. Theofanos + IANA.MediaTypes: + target: "https://www.iana.org/assignments/media-types/media-types.xhtml" + author: + - + fullname: IANA + title: Media Types + IANA.StructuredSuffix: + target: "https://www.iana.org/assignments/media-type-structured-suffix/media-type-structured-suffix.xhtml" + author: + - + fullname: IANA + title: Structured Syntax Suffixs entity: SELF: "RFC nnnn" @@ -4808,7 +4822,7 @@ To protect the request, the JWS header contains the following claims. REQUIRED. `typ` (string): -: The type header, value "gnap-binding+jwsd". REQUIRED. +: The type header, value "gnap-binding+jws". REQUIRED. `htm` (string): : The HTTP Method used to make this request, as a case-sensitive ASCII string. (Note that most public HTTP methods are in uppercase.) REQUIRED. @@ -4848,7 +4862,7 @@ In this example, the JOSE header contains the following parameters: "kid": "gnap-rsa", "uri": "https://server.example.com/gnap", "htm": "POST", - "typ": "gnap-binding+jwsd", + "typ": "gnap-binding+jws", "created": 1618884475 } ~~~ 
@@ -4956,7 +4970,7 @@ new header that indicates the HTTP content's hash method. #### Key Rotation using Attached JWS -When rotating a key using Attached JWS, the message, which includes the new public key value or reference, is first signed with the old key using a JWS object with `typ` header value "gnap-binding-rotation+jwsd". The value of the JWS object is then taken as the payload of a new JWS object, to be signed by the new key. +When rotating a key using Attached JWS, the message, which includes the new public key value or reference, is first signed with the old key using a JWS object with `typ` header value "gnap-binding-rotation+jws". The value of the JWS object is then taken as the payload of a new JWS object, to be signed by the new key. # Resource Access Rights {#resource-access-rights} 
@@ -5458,6 +5472,181 @@ This specification requests registration of the following scheme in the * Authentication Scheme Name: `GNAP` * Reference: {{use-access-token}} of {{&SELF}} +## Media Type Registration + +This section requests registration of the following media types {{RFC2046}} in +the "Media Types" registry {{IANA.MediaTypes}} in the manner described +in {{RFC6838}}. + +To indicate that the content is a GNAP request message to be bound with a JOSE mechanism: + +* Type name: application +* Subtype name: gnap-binding +* Required parameters: n/a +* Optional parameters: n/a +* Encoding considerations: binary +* Security considerations: See {{security}} of {{&SELF}} +* Interoperability considerations: n/a +* Published specification: {{&SELF}} +* Applications that use this media type: GNAP +* Fragment identifier considerations: n/a +* Additional information: + * Magic number(s): n/a + * File extension(s): n/a + * Macintosh file type code(s): n/a +* Person & email address to contact for further information: IETF GNAP Working Group, txauth@ietf.org +* Intended usage: COMMON +* Restrictions on usage: none +* Author: IETF GNAP Working Group, txauth@ietf.org +* Change Controller: IETF +* Provisional registration? 
No + + +To indicate that the content is a GNAP token rotation message to be bound with a JOSE mechanism: + +* Type name: application +* Subtype name: gnap-binding-rotation +* Required parameters: n/a +* Optional parameters: n/a +* Encoding considerations: binary +* Security considerations: See {{security}} of {{&SELF}} +* Interoperability considerations: n/a +* Published specification: {{&SELF}} +* Applications that use this media type: GNAP +* Fragment identifier considerations: n/a +* Additional information: + * Magic number(s): n/a + * File extension(s): n/a + * Macintosh file type code(s): n/a +* Person & email address to contact for further information: IETF GNAP Working Group, txauth@ietf.org +* Intended usage: COMMON +* Restrictions on usage: none +* Author: IETF GNAP Working Group, txauth@ietf.org +* Change Controller: IETF +* Provisional registration? No + + +To indicate that the content is a GNAP message to be bound with a detached JWS mechanism: + +* Type name: application +* Subtype name: gnap-binding+jwsd +* Required parameters: n/a +* Optional parameters: n/a +* Encoding considerations: binary +* Security considerations: See {{security}} of {{&SELF}} +* Interoperability considerations: n/a +* Published specification: {{&SELF}} +* Applications that use this media type: GNAP +* Fragment identifier considerations: n/a +* Additional information: + * Magic number(s): n/a + * File extension(s): n/a + * Macintosh file type code(s): n/a +* Person & email address to contact for further information: IETF GNAP Working Group, txauth@ietf.org +* Intended usage: COMMON +* Restrictions on usage: none +* Author: IETF GNAP Working Group, txauth@ietf.org +* Change Controller: IETF +* Provisional registration? 
No + +To indicate that the content is a GNAP message to be bound with an attached JWS mechanism: + +* Type name: application +* Subtype name: gnap-binding+jws +* Required parameters: n/a +* Optional parameters: n/a +* Encoding considerations: binary +* Security considerations: See {{security}} of {{&SELF}} +* Interoperability considerations: n/a +* Published specification: {{&SELF}} +* Applications that use this media type: GNAP +* Fragment identifier considerations: n/a +* Additional information: + * Magic number(s): n/a + * File extension(s): n/a + * Macintosh file type code(s): n/a +* Person & email address to contact for further information: IETF GNAP Working Group, txauth@ietf.org +* Intended usage: COMMON +* Restrictions on usage: none +* Author: IETF GNAP Working Group, txauth@ietf.org +* Change Controller: IETF +* Provisional registration? No + +To indicate that the content is a GNAP token rotation message to be bound with a detached JWS mechanism: + +* Type name: application +* Subtype name: gnap-binding-rotation+jwsd +* Required parameters: n/a +* Optional parameters: n/a +* Encoding considerations: binary +* Security considerations: See {{security}} of {{&SELF}} +* Interoperability considerations: n/a +* Published specification: {{&SELF}} +* Applications that use this media type: GNAP +* Fragment identifier considerations: n/a +* Additional information: + * Magic number(s): n/a + * File extension(s): n/a + * Macintosh file type code(s): n/a +* Person & email address to contact for further information: IETF GNAP Working Group, txauth@ietf.org +* Intended usage: COMMON +* Restrictions on usage: none +* Author: IETF GNAP Working Group, txauth@ietf.org +* Change Controller: IETF +* Provisional registration? 
No + +To indicate that the content is a GNAP token rotation message to be bound with an attached JWS mechanism: + +* Type name: application +* Subtype name: gnap-binding-rotation+jws +* Required parameters: n/a +* Optional parameters: n/a +* Encoding considerations: binary +* Security considerations: See {{security}} of {{&SELF}} +* Interoperability considerations: n/a +* Published specification: {{&SELF}} +* Applications that use this media type: GNAP +* Fragment identifier considerations: n/a +* Additional information: + * Magic number(s): n/a + * File extension(s): n/a + * Macintosh file type code(s): n/a +* Person & email address to contact for further information: IETF GNAP Working Group, txauth@ietf.org +* Intended usage: COMMON +* Restrictions on usage: none +* Author: IETF GNAP Working Group, txauth@ietf.org +* Change Controller: IETF +* Provisional registration? No + +## Structured Syntax Suffix Registration + +This section requests registration of the "+jws" and "+jwsd" structured syntax suffixes in +the "Structured Syntax Suffix" registry {{IANA.StructuredSuffix}} in +the manner described in {{RFC6838}}, which can be used to indicate that +the media type is encoded as a compact form JWS with either attached or detached payload content. + +* Name: JWS +* +suffix: +jws +* References: {{&SELF}} +* Encoding considerations: binary; JWS values are a series of base64url-encoded values (some of which may be the empty string) separated by period ('.') characters. +* Interoperability considerations: n/a +* Fragment identifier considerations: n/a +* Security considerations: See {{security}} of {{&SELF}} +* Author: IETF GNAP Working Group, txauth@ietf.org +* Author/Change controller: IETF + + +* Name: Detached JWS +* +suffix: +jwsd +* References: {{&SELF}} +* Encoding considerations: binary; JWS values are a series of base64url-encoded values (some of which may be the empty string) separated by period ('.') characters. 
+* Interoperability considerations: n/a +* Fragment identifier considerations: n/a +* Security considerations: See {{security}} of {{&SELF}} +* Author: IETF GNAP Working Group, txauth@ietf.org +* Author/Change controller: IETF + + ## GNAP Grant Request Parameters {#IANA-grant-request} This document defines a GNAP grant request, for which IANA is asked to create and maintain a new registry titled "GNAP Grant Request Parameters". Initial values for this registry are given in {{IANA-grant-request-contents}}. Future assignments and modifications to existing assignment are to be made through the Specification Required registration policy {{?RFC8126}}. From 5254c9a4b4155d30e8d57726c4ff9025a80956e7 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Fri, 8 Mar 2024 11:56:50 -0500 Subject: [PATCH 2/4] cleanup --- draft-ietf-gnap-core-protocol.md | 39 +++++++++++++++++--------------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/draft-ietf-gnap-core-protocol.md b/draft-ietf-gnap-core-protocol.md index c32111d..d8f659f 100644 --- a/draft-ietf-gnap-core-protocol.md +++ b/draft-ietf-gnap-core-protocol.md @@ -5491,9 +5491,9 @@ To indicate that the content is a GNAP request message to be bound with a JOSE m * Applications that use this media type: GNAP * Fragment identifier considerations: n/a * Additional information: - * Magic number(s): n/a - * File extension(s): n/a - * Macintosh file type code(s): n/a + * Magic number(s): n/a + * File extension(s): n/a + * Macintosh file type code(s): n/a * Person & email address to contact for further information: IETF GNAP Working Group, txauth@ietf.org * Intended usage: COMMON * Restrictions on usage: none 
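Review bot: in the hunk at @@ -5458 the media type template entries give "Encoding considerations: binary", but the content these types label is a compact-serialization JWS, which is base64url segments joined by periods and therefore pure ASCII; "7bit" would be the more precise value under RFC 6838 section 4.8, and the same line in the suffix entries ("binary; JWS values are a series of base64url-encoded values ...") describes a 7bit-safe format while saying binary. Two smaller points in the same hunk: registering subtype names of the form `gnap-binding+jws` and `gnap-binding-rotation+jwsd` relies on "+jws" and "+jwsd" being registered structured syntax suffixes, and a structured syntax suffix is meant to name a general syntax rather than a GNAP-specific binding, so the "+jwsd" registration in particular deserves a sentence explaining why a new suffix is warranted (or coordination with the JOSE working group); and the suffix template in RFC 6838 section 6.2 has a "Contact" field and an "Author/Change controller" field, so the lines `* Author: IETF GNAP Working Group, txauth@ietf.org` should read `* Contact: IETF GNAP Working Group, txauth@ietf.org`.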
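Review bot: in the hunk at @@ -142 the new reference entry has a typo in its title, `title: Structured Syntax Suffixs`; the IANA registry is named "Structured Syntax Suffixes". The entry is removed again by PATCH 4/4, so this only matters if the series is squashed differently, but it is worth fixing in the commit that introduces it.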
@@ -5515,9 +5515,9 @@ To indicate that the content is a GNAP token rotation message to be bound with a * Applications that use this media type: GNAP * Fragment identifier considerations: n/a * Additional information: - * Magic number(s): n/a - * File extension(s): n/a - * Macintosh file type code(s): n/a + * Magic number(s): n/a + * File extension(s): n/a + * Macintosh file type code(s): n/a * Person & email address to contact for further information: IETF GNAP Working Group, txauth@ietf.org * Intended usage: COMMON * Restrictions on usage: none @@ -5539,9 +5539,9 @@ To indicate that the content is a GNAP message to be bound with a detached JWS m * Applications that use this media type: GNAP * Fragment identifier considerations: n/a * Additional information: - * Magic number(s): n/a - * File extension(s): n/a - * Macintosh file type code(s): n/a + * Magic number(s): n/a + * File extension(s): n/a + * Macintosh file type code(s): n/a * Person & email address to contact for further information: IETF GNAP Working Group, txauth@ietf.org * Intended usage: COMMON * Restrictions on usage: none @@ -5562,9 +5562,9 @@ To indicate that the content is a GNAP message to be bound with an attached JWS * Applications that use this media type: GNAP * Fragment identifier considerations: n/a * Additional information: - * Magic number(s): n/a - * File extension(s): n/a - * Macintosh file type code(s): n/a + * Magic number(s): n/a + * File extension(s): n/a + * Macintosh file type code(s): n/a * Person & email address to contact for further information: IETF GNAP Working Group, txauth@ietf.org * Intended usage: COMMON * Restrictions on usage: none 
@@ -5585,9 +5585,9 @@ To indicate that the content is a GNAP token rotation message to be bound with a * Applications that use this media type: GNAP * Fragment identifier considerations: n/a * Additional information: - * Magic number(s): n/a - * File extension(s): n/a - * Macintosh file type code(s): n/a + * Magic number(s): n/a + * File extension(s): n/a + * Macintosh file type code(s): n/a * Person & email address to contact for further information: IETF GNAP Working Group, txauth@ietf.org * Intended usage: COMMON * Restrictions on usage: none @@ -5608,9 +5608,9 @@ To indicate that the content is a GNAP token rotation message to be bound with a * Applications that use this media type: GNAP * Fragment identifier considerations: n/a * Additional information: - * Magic number(s): n/a - * File extension(s): n/a - * Macintosh file type code(s): n/a + * Magic number(s): n/a + * File extension(s): n/a + * Macintosh file type code(s): n/a * Person & email address to contact for further information: IETF GNAP Working Group, txauth@ietf.org * Intended usage: COMMON * Restrictions on usage: none @@ -5625,6 +5625,8 @@ the "Structured Syntax Suffix" registry {{IANA.StructuredSuffix}} in the manner described in {{RFC6838}}, which can be used to indicate that the media type is encoded as a compact form JWS with either attached or detached payload content. +To indicate the content is a compact form JWS as defined by {{RFC7515}} with attached payload: + * Name: JWS * +suffix: +jws * References: {{&SELF}} @@ -5635,6 +5637,7 @@ the media type is encoded as a compact form JWS with either attached or detached * Author: IETF GNAP Working Group, txauth@ietf.org * Author/Change controller: IETF +To indicate the content is a compact form JWS as defined by {{RFC7515}} with detached payload: * Name: Detached JWS * +suffix: +jwsd From 3b9e7d237f494a47016a5bf93a4b9499befceafb Mon Sep 17 00:00:00 2001 
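Review bot: in the hunk at @@ -5635 the added lead-in `+To indicate the content is a compact form JWS as defined by {{RFC7515}} with detached payload:` is followed directly by `* Name: Detached JWS` with no blank line, whereas the matching lead-in added in the hunk at @@ -5625 is followed by a blank line before `* Name: JWS`; make the two consistent so the second list is not rendered as a continuation of the paragraph. Both lead-ins also introduce a `{{RFC7515}}` citation, so confirm RFC 7515 is present in the references block (the reference lists visible in PATCH 1/4 show RFC7518 but not RFC7515).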
From: Justin Richer Date: Fri, 8 Mar 2024 16:29:07 -0500 Subject: [PATCH 3/4] update registration rules to remove subtypes --- draft-ietf-gnap-core-protocol.md | 100 ++++--------------------------- 1 file changed, 10 insertions(+), 90 deletions(-) diff --git a/draft-ietf-gnap-core-protocol.md b/draft-ietf-gnap-core-protocol.md index d8f659f..8495eee 100644 --- a/draft-ietf-gnap-core-protocol.md +++ b/draft-ietf-gnap-core-protocol.md @@ -4624,7 +4624,7 @@ claims: REQUIRED. `typ` (string): -: The type header, value "gnap-binding+jwsd". REQUIRED. +: The type header, value "gnap-binding-jwsd". REQUIRED. `htm` (string): : The HTTP Method used to make this request, as a case-sensitive ASCII string. Note that most public HTTP methods are in uppercase ASCII by convention. REQUIRED. @@ -4660,7 +4660,7 @@ In this example, the JOSE Header contains the following parameters: "kid": "gnap-rsa", "uri": "https://server.example.com/gnap", "htm": "POST", - "typ": "gnap-binding+jwsd", + "typ": "gnap-binding-jwsd", "created": 1618884475 } ~~~ @@ -4793,7 +4793,7 @@ new JWS header that indicates the HTTP content's hash method. When rotating a key using Detached JWS, the message, which includes the new public key value or reference, is first signed with the old key as described above using a JWS object with `typ` header value -"gnap-binding-rotation+jwsd". The value of the JWS object is then taken as the payload of a new JWS +"gnap-binding-rotation-jwsd". The value of the JWS object is then taken as the payload of a new JWS object, to be signed by the new key using the parameters above. The value of the new JWS object is sent in the Detached-JWS header. 
@@ -4822,7 +4822,7 @@ To protect the request, the JWS header contains the following claims. REQUIRED. `typ` (string): -: The type header, value "gnap-binding+jws". REQUIRED. +: The type header, value "gnap-binding-jws". REQUIRED. `htm` (string): : The HTTP Method used to make this request, as a case-sensitive ASCII string. (Note that most public HTTP methods are in uppercase.) REQUIRED. @@ -4862,7 +4862,7 @@ In this example, the JOSE header contains the following parameters: "kid": "gnap-rsa", "uri": "https://server.example.com/gnap", "htm": "POST", - "typ": "gnap-binding+jws", + "typ": "gnap-binding-jws", "created": 1618884475 } ~~~ @@ -4970,7 +4970,7 @@ new header that indicates the HTTP content's hash method. #### Key Rotation using Attached JWS -When rotating a key using Attached JWS, the message, which includes the new public key value or reference, is first signed with the old key using a JWS object with `typ` header value "gnap-binding-rotation+jws". The value of the JWS object is then taken as the payload of a new JWS object, to be signed by the new key. +When rotating a key using Attached JWS, the message, which includes the new public key value or reference, is first signed with the old key using a JWS object with `typ` header value "gnap-binding-rotation-jws". The value of the JWS object is then taken as the payload of a new JWS object, to be signed by the new key. # Resource Access Rights {#resource-access-rights} 
@@ -5478,58 +5478,10 @@ This section requests registration of the following media types {{RFC2046}} in the "Media Types" registry {{IANA.MediaTypes}} in the manner described in {{RFC6838}}. -To indicate that the content is a GNAP request message to be bound with a JOSE mechanism: - -* Type name: application -* Subtype name: gnap-binding -* Required parameters: n/a -* Optional parameters: n/a -* Encoding considerations: binary -* Security considerations: See {{security}} of {{&SELF}} -* Interoperability considerations: n/a -* Published specification: {{&SELF}} -* Applications that use this media type: GNAP -* Fragment identifier considerations: n/a -* Additional information: - * Magic number(s): n/a - * File extension(s): n/a - * Macintosh file type code(s): n/a -* Person & email address to contact for further information: IETF GNAP Working Group, txauth@ietf.org -* Intended usage: COMMON -* Restrictions on usage: none -* Author: IETF GNAP Working Group, txauth@ietf.org -* Change Controller: IETF -* Provisional registration? No - - -To indicate that the content is a GNAP token rotation message to be bound with a JOSE mechanism: - -* Type name: application -* Subtype name: gnap-binding-rotation -* Required parameters: n/a -* Optional parameters: n/a -* Encoding considerations: binary -* Security considerations: See {{security}} of {{&SELF}} -* Interoperability considerations: n/a -* Published specification: {{&SELF}} -* Applications that use this media type: GNAP -* Fragment identifier considerations: n/a -* Additional information: - * Magic number(s): n/a - * File extension(s): n/a - * Macintosh file type code(s): n/a -* Person & email address to contact for further information: IETF GNAP Working Group, txauth@ietf.org -* Intended usage: COMMON -* Restrictions on usage: none -* Author: IETF GNAP Working Group, txauth@ietf.org -* Change Controller: IETF -* Provisional registration? 
No - - To indicate that the content is a GNAP message to be bound with a detached JWS mechanism: * Type name: application -* Subtype name: gnap-binding+jwsd +* Subtype name: gnap-binding-jwsd * Required parameters: n/a * Optional parameters: n/a * Encoding considerations: binary @@ -5552,7 +5504,7 @@ To indicate that the content is a GNAP message to be bound with a detached JWS m To indicate that the content is a GNAP message to be bound with an attached JWS mechanism: * Type name: application -* Subtype name: gnap-binding+jws +* Subtype name: gnap-binding-jws * Required parameters: n/a * Optional parameters: n/a * Encoding considerations: binary @@ -5575,7 +5527,7 @@ To indicate that the content is a GNAP message to be bound with an attached JWS To indicate that the content is a GNAP token rotation message to be bound with a detached JWS mechanism: * Type name: application -* Subtype name: gnap-binding-rotation+jwsd +* Subtype name: gnap-binding-rotation-jwsd * Required parameters: n/a * Optional parameters: n/a * Encoding considerations: binary @@ -5598,7 +5550,7 @@ To indicate that the content is a GNAP token rotation message to be bound with a To indicate that the content is a GNAP token rotation message to be bound with an attached JWS mechanism: * Type name: application -* Subtype name: gnap-binding-rotation+jws +* Subtype name: gnap-binding-rotation-jws * Required parameters: n/a * Optional parameters: n/a * Encoding considerations: binary 
@@ -5618,38 +5570,6 @@ To indicate that the content is a GNAP token rotation message to be bound with a * Change Controller: IETF * Provisional registration? No -## Structured Syntax Suffix Registration - -This section requests registration of the "+jws" and "+jwsd" structured syntax suffixes in -the "Structured Syntax Suffix" registry {{IANA.StructuredSuffix}} in -the manner described in {{RFC6838}}, which can be used to indicate that -the media type is encoded as a compact form JWS with either attached or detached payload content. - -To indicate the content is a compact form JWS as defined by {{RFC7515}} with attached payload: - -* Name: JWS -* +suffix: +jws -* References: {{&SELF}} -* Encoding considerations: binary; JWS values are a series of base64url-encoded values (some of which may be the empty string) separated by period ('.') characters. -* Interoperability considerations: n/a -* Fragment identifier considerations: n/a -* Security considerations: See {{security}} of {{&SELF}} -* Author: IETF GNAP Working Group, txauth@ietf.org -* Author/Change controller: IETF - -To indicate the content is a compact form JWS as defined by {{RFC7515}} with detached payload: - -* Name: Detached JWS -* +suffix: +jwsd -* References: {{&SELF}} -* Encoding considerations: binary; JWS values are a series of base64url-encoded values (some of which may be the empty string) separated by period ('.') characters. -* Interoperability considerations: n/a -* Fragment identifier considerations: n/a -* Security considerations: See {{security}} of {{&SELF}} -* Author: IETF GNAP Working Group, txauth@ietf.org -* Author/Change controller: IETF - - ## GNAP Grant Request Parameters {#IANA-grant-request} This document defines a GNAP grant request, for which IANA is asked to create and maintain a new registry titled "GNAP Grant Request Parameters". Initial values for this registry are given in {{IANA-grant-request-contents}}. 
Future assignments and modifications to existing assignment are to be made through the Specification Required registration policy {{?RFC8126}}. From 618e3e8ef75ac92528f9ace8269ed281144cbf97 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Fri, 8 Mar 2024 16:42:19 -0500 Subject: [PATCH 4/4] remove unused reference --- draft-ietf-gnap-core-protocol.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/draft-ietf-gnap-core-protocol.md b/draft-ietf-gnap-core-protocol.md index 8495eee..c6c07f7 100644 --- a/draft-ietf-gnap-core-protocol.md +++ b/draft-ietf-gnap-core-protocol.md @@ -150,12 +150,6 @@ informative: - fullname: IANA title: Media Types - IANA.StructuredSuffix: - target: "https://www.iana.org/assignments/media-type-structured-suffix/media-type-structured-suffix.xhtml" - author: - - - fullname: IANA - title: Structured Syntax Suffixs entity: SELF: "RFC nnnn"
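Review bot: for PATCH 3/4, the hunks at @@ -4624, @@ -4660, @@ -4793, @@ -4822, @@ -4862 and @@ -4970 change the `typ` values from "gnap-binding+jwsd" style names to "gnap-binding-jwsd" style names, which matches the renamed subtypes in the hunks at @@ -5478 onward, but the text around the `typ` definition should state explicitly that the value is interpreted with the "application/" prefix per RFC 7515 section 4.1.9, so that `"typ": "gnap-binding-jwsd"` is understood to refer to the registered `application/gnap-binding-jwsd` type; without that sentence an implementer has no stated link between the header value and the IANA registration. The subject line "update registration rules to remove subtypes" also undersells the change: the hunk at @@ -5478 removes the two suffix-less `gnap-binding` and `gnap-binding-rotation` registrations, the remaining four are renamed, and the hunk at @@ -5618 drops the whole "Structured Syntax Suffix Registration" section, which leaves `IANA.StructuredSuffix` as an unused reference until PATCH 4/4. Replacing "+jws" with "-jws" is the right call, since it avoids claiming an unregistered structured syntax suffix, and that rationale belongs in the commit message.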
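Review bot: for PATCH 4/4, the hunk at @@ -150 correctly removes the now-unused `IANA.StructuredSuffix` entry (and with it the "Suffixs" typo from PATCH 1/4); `RFC2046`, `RFC6838` and `IANA.MediaTypes` are still cited by the surviving "Media Type Registration" section, so they should stay, and it would be worth a quick grep to confirm no remaining text cites `{{IANA.StructuredSuffix}}` before this is merged.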