Adding Human Rights Considerations #434
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Deploy Preview for gnap-core-protocol-editors-draft ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site settings. |
|
|
||
| Requiring the resource owner to share their policies with a resource controller they can't choose is a violation of human rights through forced association. A well-understood non-digital example is "forced arbitration" clauses where the powerful service provider gets to choose the arbitrator. In addition to forced policy sharing, giving the mandated controller access to user requests enables unwarranted surveillance and is an impediment to freedom of assembly. As with OAuth2 and UMA2, GNAP offers implementers of a resource server the choice to support freedom of assembly and association, but experience teaches us that resource servers will hardly ever make that choice unless it's core to the protocol's interoperability and user experience design. | ||
|
|
||
| By way of mitigation, GNAP allows the RS to choose their AS as controller but also allows the RO to choose _their_ intermediary to for processing resource requests. This intermediary could be a fiduciary or a community unrelated to and untrusted by either the AS or RS. |
There was a problem hiding this comment.
Suggested change
| By way of mitigation, GNAP allows the RS to choose their AS as controller but also allows the RO to choose _their_ intermediary to for processing resource requests. This intermediary could be a fiduciary or a community unrelated to and untrusted by either the AS or RS. | |
| By way of mitigation, GNAP allows the RS to choose their AS as controller but also allows the RO to choose _their_ intermediary for processing resource requests. This intermediary could be a fiduciary or a community unrelated to and untrusted by either the AS or RS. |
|
|
||
| By way of mitigation, GNAP allows the RS to choose their AS as controller but also allows the RO to choose _their_ intermediary to for processing resource requests. This intermediary could be a fiduciary or a community unrelated to and untrusted by either the AS or RS. | ||
|
|
||
| As discussed below, delegation should also support attentuation and GNAP supports attenuation through either directly by token design or indirectly through token exchange at the AS. |
There was a problem hiding this comment.
Suggested change
| As discussed below, delegation should also support attentuation and GNAP supports attenuation through either directly by token design or indirectly through token exchange at the AS. | |
| As discussed below, delegation should also support attenuation and GNAP supports attenuation either directly through token design or indirectly through token exchange at the AS. |
fimbault
reviewed
Sep 28, 2022
| @@ -5602,6 +5602,52 @@ it is not usually feasible to provide notification and warning to someone before | |||
| needs to be executed, as is the case with redirection URLs. As such, SSRF is somewhat more difficult | |||
| to manage at runtime, and systems should generally refuse to fetch a URI if unsure. | |||
|
|
|||
| # Human Rights Considerations {#human-rights} | |||
There was a problem hiding this comment.
I sympathize with the goal here. However, delegation probably doesn't have a direct placeholder in the core draft, and it seems to be better suited for the RS draft (where we define different types of tokens and their capabilities, etc.)
fimbault
reviewed
Sep 28, 2022
|
|
||
| ## Can GNAP Promote Freedom of Association and Assembly? | ||
|
|
||
| OAuth and related protocols like OpenID Connect have contributed to global platform oligopolies that are difficult to regulate and, when pressed, collaborate with governments that do not honor universal human rights. This unintended consequence of authorization design is due to a combination of resource server autonomy and resource user convenience. Resource servers, if allowed, will do as much surveillance as they can get away with or outsource that surveillance to platform intermediaries in exchange for a reduced operating cost. For their part, users will, almost without exception, choose the most convenient path to resource access even when that path exposes them to secondary costs or poorly understood risks. |
There was a problem hiding this comment.
Sure, but that's a hard stance of the community. There's no way you can control what will be used by large corporations in the end
fimbault
reviewed
Sep 28, 2022
|
|
||
| It is therefore now common practice for a resource server to align its interest with an authorization server and often an identity provider as well. For example, a network effect ensues when a social network offers users "free" resource processing as long as they are also party to the resource control function and, for the most successful social networks, trusted as identity providers. | ||
|
|
||
| Requiring the resource owner to share their policies with a resource controller they can't choose is a violation of human rights through forced association. A well-understood non-digital example is "forced arbitration" clauses where the powerful service provider gets to choose the arbitrator. In addition to forced policy sharing, giving the mandated controller access to user requests enables unwarranted surveillance and is an impediment to freedom of assembly. As with OAuth2 and UMA2, GNAP offers implementers of a resource server the choice to support freedom of assembly and association, but experience teaches us that resource servers will hardly ever make that choice unless it's core to the protocol's interoperability and user experience design. |
There was a problem hiding this comment.
again very strong wording
fimbault
reviewed
Sep 28, 2022
|
|
||
| Requiring the resource owner to share their policies with a resource controller they can't choose is a violation of human rights through forced association. A well-understood non-digital example is "forced arbitration" clauses where the powerful service provider gets to choose the arbitrator. In addition to forced policy sharing, giving the mandated controller access to user requests enables unwarranted surveillance and is an impediment to freedom of assembly. As with OAuth2 and UMA2, GNAP offers implementers of a resource server the choice to support freedom of assembly and association, but experience teaches us that resource servers will hardly ever make that choice unless it's core to the protocol's interoperability and user experience design. | ||
|
|
||
| By way of mitigation, GNAP allows the RS to choose their AS as controller but also allows the RO to choose _their_ intermediary to for processing resource requests. This intermediary could be a fiduciary or a community unrelated to and untrusted by either the AS or RS. |
There was a problem hiding this comment.
That's not the only potential mitigation : one objective is to play nice with the DID/VC communities and avoid (or at least not mandate) the silo effect of centralized identity (as oidc generally does).
DIDs are already included in the draft. Potentially the assertions field is something we could expand.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Per the discussion at IETF114, this is a new section based on human rights