Discussion:
[OAUTH-WG] Future of PoP Work
Hannes Tschofenig
2016-10-19 18:45:13 UTC
Permalink
Hi all,

two questions surfaced at the last IETF meeting, namely

1) Do we want to proceed with the symmetric implementation of PoP or,
alternatively, do we want to move it over to the ACE working group?

2) Do we want to continue the work on HTTP signing?

We would appreciate your input on these two questions.

Ciao
Hannes & Derek
Mike Jones
2016-10-19 19:04:57 UTC
Permalink
1. We should continue the PoP work in the OAuth working group and not move it to ACE. (This was also discussed in the minutes at https://www.ietf.org/proceedings/96/minutes/minutes-96-oauth.)

2. We should abandon the HTTP signing work. It is both overly complicated *and* incomplete - not a good combination. This same combination is what let people to abandon OAuth 1.0 in favor of WRAP and later OAuth 2.0. We should learn from our own mistakes. ;-)

-- Mike

-----Original Message-----
From: OAuth [mailto:oauth-***@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Wednesday, October 19, 2016 2:45 PM
To: ***@ietf.org
Subject: [OAUTH-WG] Future of PoP Work

Hi all,

two questions surfaced at the last IETF meeting, namely

1) Do we want to proceed with the symmetric implementation of PoP or, alternatively, do we want to move it over to the ACE working group?

2) Do we want to continue the work on HTTP signing?

We would appreciate your input on these two questions.

Ciao
Hannes & Derek
Phil Hunt (IDM)
2016-10-19 19:18:36 UTC
Permalink
While the tokbind seems strategic, there are concerns about universality. A chief barrier is getting all tls termination points to support - a matter of substantial time.

There are also those that argue that we still need an app layer end-to-end solution that pop provides.

That said, I am not sure pop is that useful without some form of request/response signing solution.

I hate to say this but maybe we have to go with some form of encapsulation? Eg a signed http request within an http request? Ugh!

Phil
Post by Mike Jones
1. We should continue the PoP work in the OAuth working group and not move it to ACE. (This was also discussed in the minutes at https://www.ietf.org/proceedings/96/minutes/minutes-96-oauth.)
2. We should abandon the HTTP signing work. It is both overly complicated *and* incomplete - not a good combination. This same combination is what let people to abandon OAuth 1.0 in favor of WRAP and later OAuth 2.0. We should learn from our own mistakes. ;-)
-- Mike
-----Original Message-----
Sent: Wednesday, October 19, 2016 2:45 PM
Subject: [OAUTH-WG] Future of PoP Work
Hi all,
two questions surfaced at the last IETF meeting, namely
1) Do we want to proceed with the symmetric implementation of PoP or, alternatively, do we want to move it over to the ACE working group?
2) Do we want to continue the work on HTTP signing?
We would appreciate your input on these two questions.
Ciao
Hannes & Derek
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
Brian Campbell
2016-10-19 19:53:53 UTC
Permalink
In my opinion, at this time, the OAuth WG should not proceed with the
symmetric implementation of PoP and should not continue work on HTTP
signing.

On Wed, Oct 19, 2016 at 12:45 PM, Hannes Tschofenig <
Post by Hannes Tschofenig
Hi all,
two questions surfaced at the last IETF meeting, namely
1) Do we want to proceed with the symmetric implementation of PoP or,
alternatively, do we want to move it over to the ACE working group?
2) Do we want to continue the work on HTTP signing?
We would appreciate your input on these two questions.
Ciao
Hannes & Derek
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
Anthony Nadalin
2016-10-19 22:24:05 UTC
Permalink
I would like to see us proceed with the symmetric PoP work in Oauth WG and stop the HTTP Signing work all together

From: OAuth [mailto:oauth-***@ietf.org] On Behalf Of Brian Campbell
Sent: Wednesday, October 19, 2016 12:54 PM
To: Hannes Tschofenig <***@gmx.net>
Cc: ***@ietf.org
Subject: Re: [OAUTH-WG] Future of PoP Work

In my opinion, at this time, the OAuth WG should not proceed with the symmetric implementation of PoP and should not continue work on HTTP signing.

On Wed, Oct 19, 2016 at 12:45 PM, Hannes Tschofenig <***@gmx.net<mailto:***@gmx.net>> wrote:
Hi all,

two questions surfaced at the last IETF meeting, namely

1) Do we want to proceed with the symmetric implementation of PoP or,
alternatively, do we want to move it over to the ACE working group?

2) Do we want to continue the work on HTTP signing?

We would appreciate your input on these two questions.

Ciao
Hannes & Derek


_______________________________________________
OAuth mailing list
***@ietf.org<mailto:***@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Foauth&data=02%7C01%7Ctonynad%40microsoft.com%7C98fbf7a5c8ba43e87da508d3f859be52%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636125036740748315&sdata=wmmgZVRaG%2FNEj2rEJaGjkNuBuFPp5uADFP0aPnprNSA%3D&reserved=0>
Justin Richer
2016-10-22 17:47:39 UTC
Permalink
I believe that the PoP work should stay in the working group, and that without a usable presentation mechanism such as an HTTP message signature the whole work is pointless. I agree with Mike that we should learn from our own mistakes — and that is precisely the direction that the current HTTP signing draft took. As a result, the base level of functionality is signing the token itself (with a timestamp/nonce) using the key. All of the fiddly HTTP bits that trip people up? Not only are they optional, but it’s explicitly declared what’s covered. Why? Because we’re learning from past mistakes.

I think that token binding is relying on a lot of “ifs” that aren’t real yet, and if those “ifs” become reality then it will be to the benefit of large internet companies over everyone else. Additionally, token binding in OAuth is far from the simple solution that it’s being sold as. The very nature of an access token goes against the original purpose of tying an artifact to a single presentation channel. OAuth clients in the real world need to be able to deal with multiple resource servers and dynamically deployed APIs, and the token binding protocol fundamentally assumes a world where two machines are talking directly to each other.

All that said, this working group has consistently shown resistance to solving this problem for many years, so the results of this query don’t at all surprise me.

— Justin
Post by Hannes Tschofenig
Hi all,
two questions surfaced at the last IETF meeting, namely
1) Do we want to proceed with the symmetric implementation of PoP or,
alternatively, do we want to move it over to the ACE working group?
2) Do we want to continue the work on HTTP signing?
We would appreciate your input on these two questions.
Ciao
Hannes & Derek
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
Samuel Erdtman
2016-10-24 15:29:18 UTC
Permalink
+1 on doing PoP work in this working group, including HTTP signing/MACing,
I donÂŽt think the old HTTP signature document was that far from useful.

With the ACE work I like when it is possible to just map work done in the
OAuth and other working groups to the more optimized protocols. Some would
maybe say that it is sub-optimal that the protocol was not initially
designed for the constrained environment but I think the benefit of concept
validation from web is a bigger plus.

//Samuel
Post by Justin Richer
I believe that the PoP work should stay in the working group, and that
without a usable presentation mechanism such as an HTTP message signature
the whole work is pointless. I agree with Mike that we should learn from
our own mistakes — and that is precisely the direction that the current
HTTP signing draft took. As a result, the base level of functionality is
signing the token itself (with a timestamp/nonce) using the key. All of the
fiddly HTTP bits that trip people up? Not only are they optional, but it’s
explicitly declared what’s covered. Why? Because we’re learning from past
mistakes.
I think that token binding is relying on a lot of “ifs” that aren’t real
yet, and if those “ifs” become reality then it will be to the benefit of
large internet companies over everyone else. Additionally, token binding in
OAuth is far from the simple solution that it’s being sold as. The very
nature of an access token goes against the original purpose of tying an
artifact to a single presentation channel. OAuth clients in the real world
need to be able to deal with multiple resource servers and dynamically
deployed APIs, and the token binding protocol fundamentally assumes a world
where two machines are talking directly to each other.
All that said, this working group has consistently shown resistance to
solving this problem for many years, so the results of this query don’t at
all surprise me.
— Justin
On Oct 19, 2016, at 11:45 AM, Hannes Tschofenig <
Hi all,
two questions surfaced at the last IETF meeting, namely
1) Do we want to proceed with the symmetric implementation of PoP or,
alternatively, do we want to move it over to the ACE working group?
2) Do we want to continue the work on HTTP signing?
We would appreciate your input on these two questions.
Ciao
Hannes & Derek
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
Phil Hunt (IDM)
2016-10-24 15:38:48 UTC
Permalink
Maybe if we reworked the signing doc so content types like xml and json could be signed?

This would cover for the majority of web api cases.

Wonder what the advice of the http wg would be on this.

Phil
+1 on doing PoP work in this working group, including HTTP signing/MACing, I donÂŽt think the old HTTP signature document was that far from useful.
With the ACE work I like when it is possible to just map work done in the OAuth and other working groups to the more optimized protocols. Some would maybe say that it is sub-optimal that the protocol was not initially designed for the constrained environment but I think the benefit of concept validation from web is a bigger plus.
//Samuel
Post by Justin Richer
I believe that the PoP work should stay in the working group, and that without a usable presentation mechanism such as an HTTP message signature the whole work is pointless. I agree with Mike that we should learn from our own mistakes — and that is precisely the direction that the current HTTP signing draft took. As a result, the base level of functionality is signing the token itself (with a timestamp/nonce) using the key. All of the fiddly HTTP bits that trip people up? Not only are they optional, but it’s explicitly declared what’s covered. Why? Because we’re learning from past mistakes.
I think that token binding is relying on a lot of “ifs” that aren’t real yet, and if those “ifs” become reality then it will be to the benefit of large internet companies over everyone else. Additionally, token binding in OAuth is far from the simple solution that it’s being sold as. The very nature of an access token goes against the original purpose of tying an artifact to a single presentation channel. OAuth clients in the real world need to be able to deal with multiple resource servers and dynamically deployed APIs, and the token binding protocol fundamentally assumes a world where two machines are talking directly to each other.
All that said, this working group has consistently shown resistance to solving this problem for many years, so the results of this query don’t at all surprise me.
— Justin
Post by Hannes Tschofenig
Hi all,
two questions surfaced at the last IETF meeting, namely
1) Do we want to proceed with the symmetric implementation of PoP or,
alternatively, do we want to move it over to the ACE working group?
2) Do we want to continue the work on HTTP signing?
We would appreciate your input on these two questions.
Ciao
Hannes & Derek
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
Justin Richer
2016-10-24 20:06:28 UTC
Permalink
You can already sign arbitrary content using a body hash with the current spec.

— Justin
Post by Phil Hunt (IDM)
Maybe if we reworked the signing doc so content types like xml and json could be signed?
This would cover for the majority of web api cases.
Wonder what the advice of the http wg would be on this.
Phil
+1 on doing PoP work in this working group, including HTTP signing/MACing, I donÂŽt think the old HTTP signature document was that far from useful.
With the ACE work I like when it is possible to just map work done in the OAuth and other working groups to the more optimized protocols. Some would maybe say that it is sub-optimal that the protocol was not initially designed for the constrained environment but I think the benefit of concept validation from web is a bigger plus.
//Samuel
I believe that the PoP work should stay in the working group, and that without a usable presentation mechanism such as an HTTP message signature the whole work is pointless. I agree with Mike that we should learn from our own mistakes — and that is precisely the direction that the current HTTP signing draft took. As a result, the base level of functionality is signing the token itself (with a timestamp/nonce) using the key. All of the fiddly HTTP bits that trip people up? Not only are they optional, but it’s explicitly declared what’s covered. Why? Because we’re learning from past mistakes.
I think that token binding is relying on a lot of “ifs” that aren’t real yet, and if those “ifs” become reality then it will be to the benefit of large internet companies over everyone else. Additionally, token binding in OAuth is far from the simple solution that it’s being sold as. The very nature of an access token goes against the original purpose of tying an artifact to a single presentation channel. OAuth clients in the real world need to be able to deal with multiple resource servers and dynamically deployed APIs, and the token binding protocol fundamentally assumes a world where two machines are talking directly to each other.
All that said, this working group has consistently shown resistance to solving this problem for many years, so the results of this query don’t at all surprise me.
— Justin
Post by Hannes Tschofenig
Hi all,
two questions surfaced at the last IETF meeting, namely
1) Do we want to proceed with the symmetric implementation of PoP or,
alternatively, do we want to move it over to the ACE working group?
2) Do we want to continue the work on HTTP signing?
We would appreciate your input on these two questions.
Ciao
Hannes & Derek
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
Phil Hunt
2016-10-24 20:27:11 UTC
Permalink
Rather than focus on headers and URL param signing, focus on specifying how content is signed in the context of PoP.

I think there might be a clearer path for example if we new that signing for application/json and application/xml worked well.

As we’ve been discussing signing headers and URL params is theoretically do-able, but it probably has more limited use and would remain experimental.

Phil

@independentid
Post by Justin Richer
You can already sign arbitrary content using a body hash with the current spec.
— Justin
Post by Phil Hunt (IDM)
Maybe if we reworked the signing doc so content types like xml and json could be signed?
This would cover for the majority of web api cases.
Wonder what the advice of the http wg would be on this.
Phil
+1 on doing PoP work in this working group, including HTTP signing/MACing, I donÂŽt think the old HTTP signature document was that far from useful.
With the ACE work I like when it is possible to just map work done in the OAuth and other working groups to the more optimized protocols. Some would maybe say that it is sub-optimal that the protocol was not initially designed for the constrained environment but I think the benefit of concept validation from web is a bigger plus.
//Samuel
I believe that the PoP work should stay in the working group, and that without a usable presentation mechanism such as an HTTP message signature the whole work is pointless. I agree with Mike that we should learn from our own mistakes — and that is precisely the direction that the current HTTP signing draft took. As a result, the base level of functionality is signing the token itself (with a timestamp/nonce) using the key. All of the fiddly HTTP bits that trip people up? Not only are they optional, but it’s explicitly declared what’s covered. Why? Because we’re learning from past mistakes.
I think that token binding is relying on a lot of “ifs” that aren’t real yet, and if those “ifs” become reality then it will be to the benefit of large internet companies over everyone else. Additionally, token binding in OAuth is far from the simple solution that it’s being sold as. The very nature of an access token goes against the original purpose of tying an artifact to a single presentation channel. OAuth clients in the real world need to be able to deal with multiple resource servers and dynamically deployed APIs, and the token binding protocol fundamentally assumes a world where two machines are talking directly to each other.
All that said, this working group has consistently shown resistance to solving this problem for many years, so the results of this query don’t at all surprise me.
— Justin
Post by Hannes Tschofenig
Hi all,
two questions surfaced at the last IETF meeting, namely
1) Do we want to proceed with the symmetric implementation of PoP or,
alternatively, do we want to move it over to the ACE working group?
2) Do we want to continue the work on HTTP signing?
We would appreciate your input on these two questions.
Ciao
Hannes & Derek
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
Justin Richer
2016-10-24 21:58:16 UTC
Permalink
The reason that there’s a lot of discussion on headers and query parameters and not a lot of discussion on the content is that there’s nothing special for signing the body whether it’s XML or JSON or HTML: it’s just a hash of the entity body, sent as the “b” parameter in the JWS. The body is less likely to be transformed than the headers or parameters, and getting into “how to sign XML” or “how to sign JSON” beyond “just take the body as a byte array and hash it” is problematic. I don’t think we want to get into the business of normalization or canonicalization of the message body.

Keep in mind that this is all for the HTTP *request* from the client and not the HTTP *response* from the RS.

— Justin
Post by Phil Hunt
Rather than focus on headers and URL param signing, focus on specifying how content is signed in the context of PoP.
I think there might be a clearer path for example if we new that signing for application/json and application/xml worked well.
As we’ve been discussing signing headers and URL params is theoretically do-able, but it probably has more limited use and would remain experimental.
Phil
@independentid
Post by Justin Richer
You can already sign arbitrary content using a body hash with the current spec.
— Justin
Post by Phil Hunt (IDM)
Maybe if we reworked the signing doc so content types like xml and json could be signed?
This would cover for the majority of web api cases.
Wonder what the advice of the http wg would be on this.
Phil
+1 on doing PoP work in this working group, including HTTP signing/MACing, I donÂŽt think the old HTTP signature document was that far from useful.
With the ACE work I like when it is possible to just map work done in the OAuth and other working groups to the more optimized protocols. Some would maybe say that it is sub-optimal that the protocol was not initially designed for the constrained environment but I think the benefit of concept validation from web is a bigger plus.
//Samuel
I believe that the PoP work should stay in the working group, and that without a usable presentation mechanism such as an HTTP message signature the whole work is pointless. I agree with Mike that we should learn from our own mistakes — and that is precisely the direction that the current HTTP signing draft took. As a result, the base level of functionality is signing the token itself (with a timestamp/nonce) using the key. All of the fiddly HTTP bits that trip people up? Not only are they optional, but it’s explicitly declared what’s covered. Why? Because we’re learning from past mistakes.
I think that token binding is relying on a lot of “ifs” that aren’t real yet, and if those “ifs” become reality then it will be to the benefit of large internet companies over everyone else. Additionally, token binding in OAuth is far from the simple solution that it’s being sold as. The very nature of an access token goes against the original purpose of tying an artifact to a single presentation channel. OAuth clients in the real world need to be able to deal with multiple resource servers and dynamically deployed APIs, and the token binding protocol fundamentally assumes a world where two machines are talking directly to each other.
All that said, this working group has consistently shown resistance to solving this problem for many years, so the results of this query don’t at all surprise me.
— Justin
Post by Hannes Tschofenig
Hi all,
two questions surfaced at the last IETF meeting, namely
1) Do we want to proceed with the symmetric implementation of PoP or,
alternatively, do we want to move it over to the ACE working group?
2) Do we want to continue the work on HTTP signing?
We would appreciate your input on these two questions.
Ciao
Hannes & Derek
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
Blue Teazzers
2016-10-25 04:12:09 UTC
Permalink
Hi everyone
Post by Justin Richer
The reason that there’s a lot of discussion on headers and query
parameters and not a lot of discussion on the content is that there’s
nothing special for signing the body whether it’s XML or JSON or HTML: it’s
just a hash of the entity body, sent as the “b” parameter in the JWS. The
body is less likely to be transformed than the headers or parameters, and
getting into “how to sign XML” or “how to sign JSON” beyond “just take the
body as a byte array and hash it” is problematic. I don’t think we want to
get into the business of normalization or canonicalization of the message
body.
Keep in mind that this is all for the HTTP *request* from the client and
not the HTTP *response* from the RS.
— Justin
Rather than focus on headers and URL param signing, focus on specifying
how content is signed in the context of PoP.
I think there might be a clearer path for example if we new that signing
for application/json and application/xml worked well.
As we’ve been discussing signing headers and URL params is theoretically
do-able, but it probably has more limited use and would remain experimental.
Phil
@independentid
www.independentid.com
You can already sign arbitrary content using a body hash with the current spec.
— Justin
Maybe if we reworked the signing doc so content types like xml and json could be signed?
This would cover for the majority of web api cases.
Wonder what the advice of the http wg would be on this.
Phil
+1 on doing PoP work in this working group, including HTTP signing/MACing,
I donÂŽt think the old HTTP signature document was that far from useful.
With the ACE work I like when it is possible to just map work done in the
OAuth and other working groups to the more optimized protocols. Some would
maybe say that it is sub-optimal that the protocol was not initially
designed for the constrained environment but I think the benefit of concept
validation from web is a bigger plus.
//Samuel
Post by Justin Richer
I believe that the PoP work should stay in the working group, and that
without a usable presentation mechanism such as an HTTP message signature
the whole work is pointless. I agree with Mike that we should learn from
our own mistakes — and that is precisely the direction that the current
HTTP signing draft took. As a result, the base level of functionality is
signing the token itself (with a timestamp/nonce) using the key. All of the
fiddly HTTP bits that trip people up? Not only are they optional, but it’s
explicitly declared what’s covered. Why? Because we’re learning from past
mistakes.
I think that token binding is relying on a lot of “ifs” that aren’t real
yet, and if those “ifs” become reality then it will be to the benefit of
large internet companies over everyone else. Additionally, token binding in
OAuth is far from the simple solution that it’s being sold as. The very
nature of an access token goes against the original purpose of tying an
artifact to a single presentation channel. OAuth clients in the real world
need to be able to deal with multiple resource servers and dynamically
deployed APIs, and the token binding protocol fundamentally assumes a world
where two machines are talking directly to each other.
All that said, this working group has consistently shown resistance to
solving this problem for many years, so the results of this query don’t at
all surprise me.
— Justin
On Oct 19, 2016, at 11:45 AM, Hannes Tschofenig <
Hi all,
two questions surfaced at the last IETF meeting, namely
1) Do we want to proceed with the symmetric implementation of PoP or,
alternatively, do we want to move it over to the ACE working group?
2) Do we want to continue the work on HTTP signing?
We would appreciate your input on these two questions.
Ciao
Hannes & Derek
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
Ludwig Seitz
2016-10-25 05:50:48 UTC
Permalink
Post by Hannes Tschofenig
Hi all,
two questions surfaced at the last IETF meeting, namely
1) Do we want to proceed with the symmetric implementation of PoP or,
alternatively, do we want to move it over to the ACE working group?
2) Do we want to continue the work on HTTP signing?
We would appreciate your input on these two questions.
Ciao
Hannes & Derek
Hello,

maybe my 2-cents as author of the ACE draft that needs PoP can
contribute something here:

I would also prefer that you guys make the PoP specs and I just make a
ACE profile on top of them. However the ACE work is moving forward and
the PoP work at OAuth seems to be stuck.

I've currently taken what was available form draft-ietf-oauth-pop-* and
moved the relevant text into draft-ietf-ace-oauth-authz (acknowledging
the original authors of course), since it was unclear to me what the
future status of the pop drafts would be.

I'm absolutely willing to remove the text again and reference an OAuth
WG document instead, if I feel it will not significantly delay the
progress of the ACE draft.

Hope this information helps in the decision making.


Regards,

Ludwig
--
Ludwig Seitz, PhD SICS Swedish ICT AB
Ideon Science Park, Building Beta 2
Scheelevägen 17, SE-223 70 Lund
Phone +46(0)70-349 92 51

The RISE institutes SP, Swedish ICT and Innventia are merging in order
to create a unified institute sector and become a stronger innovation
partner for businesses and society. At the end of the year we will
change our name to RISE. Read more at www.ri.se/en/about-rise
Continue reading on narkive:
Loading...