Re: [Ace] [EXTERNAL] Éric Vyncke's No Objection on draft-ietf-ace-oauth-authz-38: (with COMMENT)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Fri, 16 April 2021 10:46 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Seitz Ludwig <ludwig.seitz@combitech.se>, The IESG <iesg@ietf.org>
CC: "draft-ietf-ace-oauth-authz@ietf.org" <draft-ietf-ace-oauth-authz@ietf.org>, "ace-chairs@ietf.org" <ace-chairs@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Date: Fri, 16 Apr 2021 10:45:55 +0000
Message-ID: <313C317C-BD3A-4875-8695-B1245C55E029@cisco.com>
References: <161642497935.28459.6337296577160925255@ietfa.amsl.com> <17c975cd75bb4449a401c799672b1a6a@combitech.se>
In-Reply-To: <17c975cd75bb4449a401c799672b1a6a@combitech.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/nLUnwgQPqGXzmIO2JDnTmMElY-k>

Ludwig,

No problem for a delayed reply, the most important is to keep the Internet improving

Thank you for addressing my comments on this nice document.

Regards

-éric


-----Original Message-----
From: Seitz Ludwig <ludwig.seitz@combitech.se>
Date: Friday, 16 April 2021 at 08:31
To: Eric Vyncke <evyncke@cisco.com>, The IESG <iesg@ietf.org>
Cc: "draft-ietf-ace-oauth-authz@ietf.org" <draft-ietf-ace-oauth-authz@ietf.org>, "ace-chairs@ietf.org" <ace-chairs@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Subject: RE: [EXTERNAL] Éric Vyncke's No Objection on draft-ietf-ace-oauth-authz-38: (with COMMENT)

    Hello Éric,

    Thank you for your review. Sorry for the long waiting time.

    Version -39 addresses your comments.
    https://datatracker.ietf.org/doc/html/draft-ietf-ace-oauth-authz-39

    Regards,

    Ludwig

    > -----Original Message-----
    > From: Éric Vyncke via Datatracker <noreply@ietf.org>
    > Sent: den 22 mars 2021 15:56
    > To: The IESG <iesg@ietf.org>
    > Cc: draft-ietf-ace-oauth-authz@ietf.org; ace-chairs@ietf.org; ace@ietf.org
    > Subject: [EXTERNAL] Éric Vyncke's No Objection on draft-ietf-ace-oauth-authz-38: (with COMMENT)
    > 
    > Éric Vyncke has entered the following ballot position for
    > draft-ietf-ace-oauth-authz-38: No Objection
    > 
    > When responding, please keep the subject line intact and reply to all email
    > addresses included in the To and CC lines. (Feel free to cut this introductory
    > paragraph, however.)
    > 
    > 
    > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
    > for more information about IESG DISCUSS and COMMENT positions.
    > 
    > 
    > The document, along with other ballot positions, can be found here:
    > https://datatracker.ietf.org/doc/draft-ietf-ace-oauth-authz/
    > 
    > 
    > 
    > ----------------------------------------------------------------------
    > COMMENT:
    > ----------------------------------------------------------------------
    > 
    > Thank you for the work put into this document. I have really appreciated the
    > informative and concise section 3 "overview". The flow and the explanations
    > are really superb: if only all published RFC could have this level of quality ;-)
    > 
    > While I appreciate that the document shepherd was the past Jim Schaad, I
    > find it weird to read a shepherd's review is for the -21 revision while the
    > balloted revision is -38 as I usually rely on those write-ups to get an idea
    > about the WG consensus... Anyway I am trusting the responsible AD for this
    > I-D.
    > 
    > Side note: due to lack of time, I have skipped the security and IANA
    > considerations sections as I trust the responsible AD.
    > 
    > Please find below some non-blocking COMMENT points (but replies would
    > be appreciated), and some nits.
    > 
    > Last very minor/cosmetic comment about this document as well to the OAuth
    > terminology: using "refresh tokens" sounds weird to me, I would have
    > preferred "permanent tokens" or "long-term tokens", but, I am afraid that
    > the train has left the station for many years ;-) And the same applies for
    > "introspection" that usually is done internally and does not require a
    > third party as in OAuth (but this is another train, which has also left
    > the station...).
    > 
    > I hope that this helps to improve the document,
    > 
    > Regards,
    > 
    > -éric
    > 
    > == COMMENTS ==
    > 
    > -- Section 3 --
    > Should references/expansions be added for "HTTP/2, MQTT, BLE and QUIC"
    > ?
    > 
    > -- Section 3.1 --
    > Suggest to review the order of the definitions, notably popping up
    > "introspection" as it is used by most of the other terms.
    > 
    > -- Section 4 --
    > Mostly cosmetic, any reason why figure 1 is so far away from its mention in
    > §1 ?
    > 
    > In "ensure that its content cannot be modified, and if needed, that the
    > content is confidentiality protected", I wonder why the confidentiality is only
    > optional ? As far as I understand it, the possession of an access token grants
    > access to a resource, so, it should be protected against sniffing. What did I
    > miss ?
    > 
    > In "If the AS successfully processes the request from the client" may look
    > ambiguous because processing correctly (per protocol) an invalid credential is
    > also "successfully processed". Suggest to mention something about "positive
    > authentication" ;)
    > 
    > -- Section 5 --
    > As a non-English native speaker, I cannot see the verb in the second
    > proposition in "For IoT, it cannot be assumed that the client and RS are part
    > of a common key infrastructure, so the AS provisions credentials or
    > associated information to allow mutual authentication.". While I obviously
    > understand the meaning, could it be rephrased ?
    > 
    > -- Section 5.1.1 --
    > Could the word "unprotected" be better defined in "received on an
    > unprotected channel" ? E.g., is it only about TLS ? Else, I like the implicit lack
    > of trust.
    > 
    > -- Section 5.1.2 --
    > I must admit that I have failed to understand the semantic of "audience"...
    > Can you either explain its meaning or provide a reference ?
    > 
    > -- Section 5.5 --
    > In "Since it requires the use of a user agent (i.e., browser)" is it "i.e." or "e.g."
    > ?
    > 
    > -- Section 5.6 --
    > s/the semantics described below MUST be/the semantics described in this
    > section MUST be/ ?
    > 
    > In "The default name of this endpoint in an url-path is '/token'" should
    > "SHOULD" normative language be used ?
    > 
    > -- Section 5.6.4.1 --
    > In figure 11, would you mind adding the section ID in addition to RFC 6749 ? I
    > failed to spot them in RFC 6749.
    > 
    > -- Section 5.7.2 --
    > It is a little unclear to me which profile must be used as 'profile' is optional?
    > Should a default or any profile be used ?
    > 
    > -- Section 5.8.1 --
    > Suggest to use the BCP14 "SHOULD" in the text "The default name of this
    > endpoint in an url-path is '/authz-info'"
    > 
    > -- Section 10.2 --
    > Is RFC 7049 really an informative reference as CBOR appears as the default
    > encoding ?
    > 
    > == NITS ==
    > 
    > s/application layer protocol/application-layer protocol/ ?
    > 
    > Should multi-words message names (e.g.,  AS Request Creation Hints) be
    > enclosed by quotes ?
    > 
    > -- Section 2 --
    > Please introduce "authz-info" before first use.
    > 
    > -- Section 3.1 --
    > "PoP" is expanded twice in this section ;-)
    > 
    > "CBOR encoding (CWT) " the "CWT" acronym does not match the expansion
    > :-)
    > 
    > -- Section 4 --
    > 
    > Sometimes "Client" is used and sometimes "client" is used...
    > 
    > s/reference to a specific credential/reference to a specific access credential/
    > ?
    > 
    > -- Section 5.1.2 --
    > Can you introduce the "kid" acronym ? It took me a while to understand that it
    > is (probably) key-id... :-)
    > 
    > Unsure whether "nonce: h'e0a156bb3f'," is the usual IETF way to introduce
    > an hexadecimal number.
    > 
    > typo in "5.8.4.  Key Expriation" :-)
    > 
    >