Re: [Ace] [EXTERNAL] Zaheduzzaman Sarker's No Objection on draft-ietf-ace-oauth-authz-38: (with COMMENT)
Seitz Ludwig <ludwig.seitz@combitech.se> Fri, 16 April 2021 06:37 UTC
Hello Zahed,

Thank you for your review. Sorry for the long response time.

Version -39 addresses your comments.
https://datatracker.ietf.org/doc/html/draft-ietf-ace-oauth-authz-39

Regards,

Ludwig Seitz

> -----Original Message-----
> From: Zaheduzzaman Sarker via Datatracker <noreply@ietf.org>
> Sent: den 24 mars 2021 02:27
> To: The IESG <iesg@ietf.org>
> Cc: draft-ietf-ace-oauth-authz@ietf.org; ace-chairs@ietf.org; ace@ietf.org
> Subject: [EXTERNAL] Zaheduzzaman Sarker's No Objection on draft-ietf-ace-oauth-authz-38: (with COMMENT)
>
> Zaheduzzaman Sarker has entered the following ballot position for
> draft-ietf-ace-oauth-authz-38: No Objection
>
> When responding, please keep the subject line intact and reply to all email
> addresses included in the To and CC lines. (Feel free to cut this introductory
> paragraph, however.)
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-ace-oauth-authz/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thanks for working on this document. I found the overview section very
> helpful to set up the knowledge required to absorb the rest of the document.
>
> I have the following observations and/or nits; hopefully these will improve
> this document:
>
> * Section 1:
>
>     For web applications on constrained nodes, this specification RECOMMENDS
>     the use of the Constrained Application Protocol (CoAP) [RFC7252] as
>     replacement for HTTP.
>
> I can't parse the normative text "RECOMMENDS" :-). I believe if normative
> text is used here then "RECOMMEND" or "RECOMMENDED" should be used. By the
> way, there are more occurrences of "RECOMMENDS" in this document. The same
> comment applies to those occurrences.
>
> * Section 2: I would suggest dropping "we use" from the beginning of the last
> two paragraphs in this section and writing those paragraphs in passive form
> to harmonize with the rest of the section.
>
> * Section 3.1:
>
>     Introspection is a method for a resource server to query the
>     authorization server for the active state and content of a
>     received access token. This is particularly useful in those cases
>     where the authorization decisions are very dynamic and/or where
>     the received access token itself is an opaque reference rather
>     than a self-contained token. More information about introspection
>     in OAuth 2.0 can be found in [RFC7662].
>
> I was gradually introduced in this document to the possibility that the
> client can also use the method to query for more information (Section 5.9)
> via the RS. I think it will be helpful if it is described early that both
> the RS and the client can use the introspection offered by the AS.
>
> * Section 4: Figure 1
>
> The use of (optional) here is a bit confusing. The (optional) tag in (B)
> means it is optional to include a refresh token. For (D) and (E) the meaning
> of (optional) is completely different. The response to the Introspection
> Request is not optional, is it? But that interaction between AS and RS is
> optional. It might be good to separate the uses of "optional" in this figure,
> or amend the figure in a different way to avoid such confusion.
>
> * Section 5.2:
>
>     The request has been received on an unprotected channel.
>
> A definition of "unprotected" would be appropriate here. Does this refer to
> a secure communication channel?
>
> * Section 5.10.1:
> Typo: s/Section Section / Section
>
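The RS-to-AS introspection exchange quoted from Section 3.1 above, and the optional (D)/(E) interaction of Figure 1, as an added illustration that is not code from the draft, the reply, or any ACE implementation. It assumes a constructed AS token table and string parameter names ("active", "scope", "aud", "exp") in place of the draft's CBOR integer abbreviations; the RS-side checks are this example's own, not the draft's normative procedure.

```python
"""Constructed model of OAuth/ACE token introspection for an opaque
reference token: the RS asks the AS for the token's active state and
content, then applies its own checks before granting access."""
import time

# Constructed AS state: opaque reference tokens and the claims behind them.
# NOW is fixed so the example is deterministic; a real AS uses time.time().
NOW = 1_700_000_000
AS_TOKENS = {
    b"ref-1": {"scope": "read", "aud": "tempSensor", "exp": NOW + 600},
    b"ref-2": {"scope": "read", "aud": "tempSensor", "exp": NOW - 1},  # expired
}


def as_introspect(token: bytes, now: int = NOW) -> dict:
    """AS introspection endpoint: report the active state and content of a
    token. Unknown, revoked or expired tokens yield only {"active": False},
    so the AS does not leak claims of tokens it no longer vouches for."""
    claims = AS_TOKENS.get(token)
    if claims is None or claims["exp"] <= now:
        return {"active": False}
    return {"active": True, **claims}


def rs_authorize(token: bytes, rs_id: str, needed_scope: str,
                 now: int = NOW) -> bool:
    """RS side: obtain the token content via introspection (the optional
    (D)/(E) exchange of Figure 1), then apply local checks before granting.
    Introspection is needed here because the token is an opaque reference;
    a self-contained token could instead be validated locally."""
    resp = as_introspect(token, now)
    if not resp.get("active"):
        return False                         # unknown, revoked or expired
    if resp.get("aud") != rs_id:
        return False                         # token was not issued for this RS
    if resp.get("exp", 0) <= now:
        return False                         # defence in depth: re-check expiry
    return needed_scope in resp.get("scope", "").split()


if __name__ == "__main__":
    print(rs_authorize(b"ref-1", "tempSensor", "read"))   # True
    print(rs_authorize(b"ref-2", "tempSensor", "read"))   # False (expired)
    print(rs_authorize(b"ref-1", "otherRS", "read"))      # False (wrong aud)
```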