[Ace] draft-ietf-ace-oauth-authz

Jim Schaad <ietf@augustcellars.com> Sun, 24 February 2019 00:14 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: <draft-ietf-ace-oauth-authz@ietf.org>
CC: 'ace' <ace@ietf.org>
Date: Sat, 23 Feb 2019 16:13:56 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/P25Sd4iqra4H0Ade5vmFECcAGTE>

1.  Figure 4 needs to be updated as it no longer matches Figure 3.

2. In section 8.2 - Should the error usage location match any of the current
values in the table?  Possibly "authorization server response"

3. In section 8.3 - Is/Should there be a requirement that the error also be
registered in an OAuth registry?  If so then this needs to be part of the
expert reviewer instructions on this registry.

4. In section 8.4 - Is there a reason to require a specification for this
registry?  Should it be sufficient to have somebody request that a mapping
be registered and the DE approves it?  The previous comment would apply to
all of the mapping registries that are just mappings.

5. In section 8.5 - You are missing two fields of the registration template.
Specifically, should the expiration time field be noted in the "Additional
Token Endpoint Response Parameters" column?

6. In section 8.9 - see comments of section 8.3 and 8.4

7.  In section 8.11 - see comments of section 8.3 and 8.4

8.  This document has an IPR disclosure on it.   If anybody has any problems
with the current disclosure then they need to speak up now.