Markdown Version | Session Recording
Session Date/Time: 28 Jul 2023 16:30
gnap
Summary
This meeting focused primarily on the status of the GNAP core protocol and the resource server (RS) draft. The core protocol has been submitted to the IESG for review. The main discussion centered on three open issues in the RS draft: the RS revoking access, the handling of symmetric keys in introspection responses, and a potential token substitution attack described in Florian's thesis. Decisions were made to resolve the symmetric key issue and to analyze the token substitution attack together with its authors.
Key Discussion Points
- Core Protocol Status: The core protocol is with the IESG and awaiting review, with publication possibly in late August.
- RS Draft Status: The RS draft is targeted for working group last call before IETF 118.
- RS Revoking Access (Issue #52): The group agreed that allowing the RS to directly revoke access tokens is out of scope for the current RS draft but could be considered as an extension.
- Symmetric Keys and Introspection (Issue #47): There was a consensus to restrict sending symmetric keys by value in introspection responses, allowing only key references or identifiers.
- Token Substitution Attack (Issue #56): A complex token substitution attack was presented. The discussion revolved around possible mitigations and the need for a security considerations section describing the attack. Solutions proposed by the authors of the attack were considered, but concerns were raised about their effectiveness and the complications they would introduce.
- Discovery: Discussion of how a client learns which AS protects a given RS (via the WWW-Authenticate response header).
Decisions and Action Items
- Issue #52 (RS Revoking Access): Close the issue without action in the current RS draft. Ensure extensibility points are clear to enable this functionality in future extensions.
- Issue #47 (Symmetric Keys and Introspection): Restrict the sending of symmetric keys by value in introspection responses; only key references are permitted. Add explicit text to the introspection section.
- Issue #56 (Token Substitution Attack): Add a security considerations section describing the attack flow and emphasizing the importance of a tight binding between the AS and the RS from the client's perspective.
- Action Item: Contact the authors of the token substitution attack (Florian's group) to discuss alternative solutions that do not rely on implementer guidance alone.
- Action Item: Investigate if the authors of the token substitution attack will be at the upcoming OAuth Security Workshop (OSW) for further discussion.
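The decision on Issue #47 is that an introspection response may carry a key reference but not symmetric key material by value. The following check illustrates what that rule looks like when enforced on the RS side and on the AS side. It is an added example and is not code from the GNAP drafts or the working group; the response field names ("active", "access", "key"), the key object shape ("proof" plus a "jwk"), the sample responses and the `key-ref-42` reference are all constructed assumptions for this illustration.

```python
import copy

# Constructed sample introspection responses (assumptions for this example,
# not taken from the page or the drafts). A GNAP key is modelled here as
# either a string key reference or an object carrying a proof method and a JWK.
RESP_KEY_REF = {"active": True, "access": ["photo-api"], "key": "key-ref-42"}
RESP_PUBLIC_JWK = {
    "active": True,
    "access": ["photo-api"],
    "key": {"proof": "httpsig",
            "jwk": {"kty": "EC", "crv": "P-256", "x": "x-coord", "y": "y-coord"}},
}
RESP_OCT_BY_VALUE = {
    "active": True,
    "access": ["photo-api"],
    "key": {"proof": "httpsig", "jwk": {"kty": "oct", "k": "c2VjcmV0"}},
}
RESP_PRIVATE_EC = {
    "active": True,
    "access": ["photo-api"],
    "key": {"proof": "httpsig",
            "jwk": {"kty": "EC", "crv": "P-256", "x": "x-coord", "y": "y-coord", "d": "priv"}},
}

# JWK key type for symmetric keys (RFC 7518) and the private-part parameter
# names for RSA/EC keys; neither should ever travel by value to an RS.
SYMMETRIC_KTY = {"oct"}
PRIVATE_JWK_PARAMS = {"k", "d", "p", "q", "dp", "dq", "qi", "oth"}


def check_introspection_key(resp: dict) -> tuple[bool, str]:
    """RS-side check: accept key references and public keys by value only.

    Returns (ok, reason). Inactive tokens carry nothing to validate.
    """
    if not resp.get("active"):
        return True, "inactive token: nothing to check"
    key = resp.get("key")
    if key is None:
        return True, "no key field"
    if isinstance(key, str):
        return True, "key reference"
    if not isinstance(key, dict):
        return False, "key must be a string reference or a key object"
    jwk = key.get("jwk")
    if jwk is None:
        # cert / cert#S256 forms carry certificate (public) material only.
        return True, "no jwk by value"
    if not isinstance(jwk, dict):
        return False, "jwk must be an object"
    if jwk.get("kty") in SYMMETRIC_KTY:
        return False, "symmetric key sent by value; only a key reference is allowed"
    if PRIVATE_JWK_PARAMS & set(jwk):
        return False, "private key parameters sent by value"
    return True, "public key by value"


def redact_symmetric_key(resp: dict, key_ref: str) -> dict:
    """AS-side helper: replace symmetric key material with a reference before sending.

    Asymmetric public keys are left in place; the caller chooses the reference
    string (an AS-internal identifier the RS can later present back).
    """
    out = copy.deepcopy(resp)
    key = out.get("key")
    if isinstance(key, dict):
        jwk = key.get("jwk")
        if isinstance(jwk, dict) and (jwk.get("kty") in SYMMETRIC_KTY
                                      or PRIVATE_JWK_PARAMS & set(jwk)):
            out["key"] = key_ref
    return out


if __name__ == "__main__":
    for name, r in [("ref", RESP_KEY_REF), ("pub", RESP_PUBLIC_JWK),
                    ("oct", RESP_OCT_BY_VALUE), ("priv", RESP_PRIVATE_EC)]:
        print(name, check_introspection_key(r))
    print(check_introspection_key(redact_symmetric_key(RESP_OCT_BY_VALUE, "key-ref-42")))
```

The RS-side check treats a key reference as the only acceptable way to learn about a symmetric key, while still allowing public keys by value, which is what "restrict symmetric keys by value" implies; the private-parameter check is a defensive extension of the same idea, not something the meeting decided.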
Next Steps
- Editors will address the agreed-upon changes in the RS draft.
- Discussions on the three key issues will continue on the mailing list.
- An interim meeting or discussion at the OSW will be considered to address the token substitution attack.
- Target working group last call for RS draft before IETF 118.