[regext] Redacted implemented server side?

2022-01-23 Thread Marc Blanchet
Hello,
Has anyone on the server side implemented redacted
(draft-ietf-regext-rdap-redacted-02)? Just looking into implementing it on my
mobile client and wanted to know if I can try with some servers. Reply on the
list or direct to me, up to you.

Thanks, Marc.
___
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext


Re: [regext] id_token parameter usage in rdap-openid

2022-01-23 Thread Tom Harrison
On Fri, Jan 21, 2022 at 03:10:02PM +, Scott Hollenbeck wrote:
> On Fri, Jan 21, 2022 at 08:26:20AM +1000, Tom Harrison wrote:
>> But it's not guaranteed that every user identifier will be
>> associated with a host that is implementing issuer discovery.  For
>> example, an RDAP server might be configured to use multiple
>> authorisation servers, each of which permits the use of arbitrary
>> email addresses as identifiers.  Because each permits arbitrary
>> email addresses, it's not possible to use a simple mapping from the
>> domain of the email address to the authorisation server.  The RDAP
>> server is then reliant on issuer discovery being implemented by the
>> email host, but there's no guarantee that it will be (Gmail doesn't
>> implement it, for example).  If an RDAP server has some specific
>> out-of-band means for mapping identifiers to authorisation servers,
>> then it could rely on that, but that may not be possible in all
>> situations.  The RDAP server then has to fall back to requesting
>> that the user select an authorisation server during the login
>> process: this is fine, but it means that the RDAP server is
>> receiving extra information during the login process that it won't
>> have available to it during subsequent token-based requests.
> 
> [SAH] Hmm, Google used to support webfinger with Gmail. I can't find
> anything that says they've discontinued the service, but the
> resources I used in the past can't be found at their old locations.
> 
> If we can't assume that discovery based on attributes of the
> identifier is reliable, what can we do? Out-of-band
> negotiation/configuration is one method, or we can ask the
> user/client to somehow identify the Identity Provider when they
> request tokens. That sounds more complicated than I'd prefer, but do
> we have any other options?

No, I don't think there are other options.  But given that login is an
interactive process anyway, asking them to select an identity provider
at that point doesn't sound like too much of a problem.

-Tom
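
The resolution order discussed in this message (out-of-band mapping, then issuer discovery, then asking the user to pick), sketched as an added example that is not part of the thread or of the rdap-openid draft. The host names, issuer URLs, the `fetch_jrd` stub and the WebFinger responses are constructed assumptions; the `rel` value is the one defined by OpenID Connect Discovery 1.0.

```python
import json
from urllib.parse import urlsplit

# rel value defined by OpenID Connect Discovery 1.0 for WebFinger issuer lookup
ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"

# Constructed configuration: authorisation servers this RDAP server trusts.
TRUSTED_ISSUERS = {"https://as1.example", "https://as2.example"}
# Constructed out-of-band mapping from e-mail domain to a single issuer.
STATIC_MAP = {"registry.example": "https://as1.example"}

# Constructed WebFinger responses keyed by host, standing in for HTTPS GETs (runs offline).
SAMPLE_JRD = {
    "idp-mail.example": json.dumps({"subject": "acct:bob@idp-mail.example",
        "links": [{"rel": ISSUER_REL, "href": "https://as2.example"}]}),
    "rogue.example": json.dumps({"subject": "acct:eve@rogue.example",
        "links": [{"rel": ISSUER_REL, "href": "https://evil.example"}]}),
}

def fetch_jrd(host):
    """Hypothetical transport stub: JRD text, or None if the host has no WebFinger."""
    return SAMPLE_JRD.get(host)

def discovered_issuer(host):
    """Extract an https issuer URL from the host's WebFinger document, if any."""
    try:
        links = json.loads(fetch_jrd(host)).get("links", [])
    except (TypeError, ValueError, AttributeError):
        return None  # no WebFinger at this host, or a malformed document
    if not isinstance(links, list):
        return None
    for link in links:
        if isinstance(link, dict) and link.get("rel") == ISSUER_REL:
            href = link.get("href")
            if isinstance(href, str) and urlsplit(href).scheme == "https":
                return href.rstrip("/")
    return None

def resolve_issuer(identifier, user_choice=None):
    """Return (issuer, how); issuer is None when the user must pick one at login."""
    host = identifier.rpartition("@")[2].lower()
    if host in STATIC_MAP:
        return STATIC_MAP[host], "static-map"
    issuer = discovered_issuer(host)
    if issuer in TRUSTED_ISSUERS:  # never follow an issuer this server is not configured for
        return issuer, "webfinger"
    if user_choice in TRUSTED_ISSUERS:
        return user_choice, "user-selected"
    return None, "ask-user"
```

The `user-selected` branch depends on input that exists only during the interactive login, which is the extra information the message says is unavailable on later token-based requests.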



Re: [regext] Redacted implemented server side?

2022-01-23 Thread Mario Loffredo

Hi Marc,

I'm going to implement it. I will inform you when it is running.

Mario

On 23/01/2022 20:59, Marc Blanchet wrote:

Hello,
Has anyone on the server side implemented redacted
(draft-ietf-regext-rdap-redacted-02)? Just looking into implementing it on my
mobile client and wanted to know if I can try with some servers. Reply on the
list or direct to me, up to you.

Thanks, Marc.


--
Dr. Mario Loffredo
Technological Unit “Digital Innovation”
Institute of Informatics and Telematics (IIT)
National Research Council (CNR)
via G. Moruzzi 1, I-56124 PISA, Italy
Phone: +39.0503153497
Web: http://www.iit.cnr.it/mario.loffredo
