Re: [Ace] Shepard review for draft-ietf-ace-oauth-authz

Ludwig Seitz <ludwig.seitz@ri.se> Thu, 31 January 2019 09:20 UTC

Return-Path: <ludwig.seitz@ri.se>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0A96128D09; Thu, 31 Jan 2019 01:20:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.044
X-Spam-Level:
X-Spam-Status: No, score=-2.044 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=risecloud.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TJIbyZya0Cjh; Thu, 31 Jan 2019 01:20:28 -0800 (PST)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10065.outbound.protection.outlook.com [40.107.1.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC76B128CF3; Thu, 31 Jan 2019 01:20:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=RISEcloud.onmicrosoft.com; s=selector1-ri-se; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4lZ3Q2jsSi4TfartC6j304U0BpCNnjEe5Z7y5js1is8=; b=YHLxfEtDyWqF0IMsnPcsYkvvreo3Q/+IzkR1SNQtVuBCYLIb1STwNc89YN9/RRk9G8PXw+xj5mqYwAZ2jyjBVfr63oCgvauOMReL9UtIZ+OZdlkE+JTtClKjR/2KvcTEYpKOCFT0hWjkaxMuzMWimBy+TdMoAohj4ygEhXI5BgY=
Received: from AM5P189CA0031.EURP189.PROD.OUTLOOK.COM (2603:10a6:206:15::44) by HE1SPR00MB03.EURP189.PROD.OUTLOOK.COM (2603:10a6:3:6e::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1580.16; Thu, 31 Jan 2019 09:20:24 +0000
Received: from HE1EUR02FT022.eop-EUR02.prod.protection.outlook.com (2a01:111:f400:7e05::201) by AM5P189CA0031.outlook.office365.com (2603:10a6:206:15::44) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1580.17 via Frontend Transport; Thu, 31 Jan 2019 09:20:24 +0000
Authentication-Results: spf=pass (sender IP is 194.218.146.197) smtp.mailfrom=ri.se; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=ri.se;
Received-SPF: Pass (protection.outlook.com: domain of ri.se designates 194.218.146.197 as permitted sender) receiver=protection.outlook.com; client-ip=194.218.146.197; helo=mail.ri.se;
Received: from mail.ri.se (194.218.146.197) by HE1EUR02FT022.mail.protection.outlook.com (10.152.10.78) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.20.1580.10 via Frontend Transport; Thu, 31 Jan 2019 09:20:23 +0000
Received: from [10.112.134.122] (10.100.0.158) by sp-mail-2.sp.se (10.100.0.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1531.3; Thu, 31 Jan 2019 10:20:23 +0100
To: Jim Schaad <ietf@augustcellars.com>, <draft-ietf-ace-oauth-authz@ietf.org>
CC: <ace@ietf.org>
References: <01e801d4b861$4d7d41e0$e877c5a0$@augustcellars.com> <76f048fa-fa03-4e5b-0b60-c5674a2ddad3@ri.se> <021c01d4b8c8$e5ee0ba0$b1ca22e0$@augustcellars.com>
From: Ludwig Seitz <ludwig.seitz@ri.se>
Message-ID: <c0163315-a62d-fe8a-be45-cabbaefc95f3@ri.se>
Date: Thu, 31 Jan 2019 10:20:23 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <021c01d4b8c8$e5ee0ba0$b1ca22e0$@augustcellars.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.100.0.158]
X-ClientProxiedBy: sp-mail-2.sp.se (10.100.0.162) To sp-mail-2.sp.se (10.100.0.162)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:194.218.146.197; IPV:NLI; CTRY:SE; EFV:NLI; SFV:NSPM; SFS:(10009020)(136003)(376002)(396003)(39860400002)(346002)(2980300002)(199004)(189003)(13464003)(77096007)(81166006)(40036005)(11346002)(8936002)(69596002)(230700001)(53546011)(53936002)(6246003)(386003)(229853002)(4326008)(3846002)(65806001)(47776003)(65956001)(6116002)(104016004)(16526019)(26005)(7736002)(486006)(476003)(336012)(126002)(8676002)(65826007)(446003)(22756006)(356004)(81156014)(44832011)(186003)(2616005)(305945005)(22746008)(106002)(86362001)(23676004)(64126003)(97736004)(31686004)(76176011)(33896004)(67846002)(68736007)(110136005)(106466001)(16576012)(58126008)(2486003)(50466002)(31696002)(36756003)(478600001)(74482002)(316002)(2906002)(14444005); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1SPR00MB03; H:mail.ri.se; FPR:; SPF:Pass; LANG:en; PTR:InfoDomainNonexistent; A:1; MX:1;
X-Microsoft-Exchange-Diagnostics: 1; HE1EUR02FT022; 1:SkpTj+mrzjNyq70qaYammLTOeSahwN0s5cKTToSsIxyVs01mmd3sp2OvjPjkMNmWqgXy4hwXUcY5fG1KpdlEAzv4fQK5MP6sDnYJSwFwTYPv/4JvIfWVhKhQeqF6oYNN4abiLOQpY4TubTKJdLz78KP7xjExiPzGgXBY1rYD4MQ=
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 5216ba35-81c3-4295-4895-08d6875d54a1
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600110)(711020)(4605077)(4608076)(4709027)(2017052603328)(7153060)(7193020); SRVR:HE1SPR00MB03;
X-Microsoft-Exchange-Diagnostics: 1; HE1SPR00MB03; 3:sjupoc9rHIy0l3P+hyQpO8mt6TYzw6ZU4BwwFHOXi6ltanDwNUEo5iG7ECzRSliUcOva3QS/eoFbtf1kUQYVwfueRhDoIYXnNV2e7GUC7fkKa1YcxxsY5VypfOWK8cbOVksND4ZPdYCKrh6YlBZ/E1vKYjqg1crYaKuAjKUDQrwmxrdlIPmxGOMJDOS0Qm6ef/NuidKDxjS9CoXi/aRYvoC+geeGIi23YKlzXRkbU/jY4uJllWg40y2zh4kbDeTGSDbQC2w8r9bpfKj9cTSNK8fsQWJhl0hJWKioQZXPyQLxwlzB34k/QXPexzkVdxaV9iNxy76iIzhvWLzvU1LVJqpqG2x+V2eV3vde3hIUOiio0eT+m/5TJbYfuSZp/6+C; 25:W8eByzf0UD4VObutDXUgUFMIYugv+zA5fmE/OcZav0+rwqBr09HSHn5b2HmmorAIr9Ow1ObbmNj7nWovfwY91pyJ6zNZhOo6vVqNOkKXvLbE3PVTIuYdbuglh1IJ9vfrvIpD2f1lmbwYBNpPKltbkkhduEWQ4vqa4aiIqBz70nBXaXOo7WkO4+gt+v4GHq/y7cejBjsTrAszcage3r018haVl3tOveNoX+IzFT3AMmXXRkcfSfSuqrAipSAfwVXnMSFlvu9BppqhVxJt/akrmnT8iDwpCPYlIlDlME9t//UAB16+Ij+eT5h/BCEbTNBnKF+ip9jeMfGUicw39AbiHw==
X-MS-TrafficTypeDiagnostic: HE1SPR00MB03:
X-Microsoft-Exchange-Diagnostics: 1; HE1SPR00MB03; 31:tGkdSn9t7Z4TeEPkgavSjdIipij6UQ10F+SGPu6oGLyUfS5W8T/ATtfcIT1PuuyOCskuoZsmdMkouOOw10pf7HHIHx7fBg/iOYbDEm3YQVr2/Vdbk4z0wuSTxFlo/0QM5yheKJzrH6lcd6/W4/APriM2xA/rV3plrcCKTpDRmr4xNYy54IXEqvKu/BmTMgT4UO4qiR3wOI662gQfSMXfWR0HTz9OE10uam0WvAJakSs=; 20:KbqNEwPJj2Tjj5SndnKqrsJWURg2uVyAcUbyoPAsIOv3xCUkuV3riRSIPDAqG2TH204gPNdC6OOGJEw83iUY9D5y19TtbBzqXikAwBejdCMmjAKE/v53QSX/vwNXMTrZjiUcq7E8Pjgq1iKdI948RZY6SF57tSs8M7WS6nBry7FjqJoCUBtjQQVt42AGVoYsPbWr17jkVyRGw2PiPhxx3QWX+94CEuVxXxWw/I+k5SYaRsqsB2j2S6ctH0mT8mfo; 4:dIUfb4G6abH7xb2Adpa176UAt9B3yg3/jHNwArK6YqFqnIPXNhNhVNsbt+hjZPxniTqhfP3IxluVTZJmqmYDVwsfDWupFHygtNj17P3obVi6fDxQNjGWs44LztpBL7lv34IS3BO0dsss3ut7UjMNZPDFQHJGlH9Ug4dr7aUbzYeRBt71ZM0qzp82+6WZslzX1fWzILrK7v0JVw+FzYZRhJa685RcIKUc6xvC40u0JlIDOLtNIi3SLdCQ6prjZbgOFJYO84yDj61DxVftQ/qtK59rmMOinUeJgsoIG1oV1k4sSVLd6Trsh8s8aipcEznH
X-Microsoft-Antispam-PRVS: <HE1SPR00MB03F4E94CCD2AFD4CAE280082910@HE1SPR00MB03.EURP189.PROD.OUTLOOK.COM>
X-Forefront-PRVS: 09347618C4
X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtIRTFTUFIwME1CMDM7MjM6aEJUaStpSUJ6K0ZscXZtQ0dqTFdNM0hadUZI?= =?utf-8?B?SENUWDRKcC93dWtpS2FYbUVtbWUwUVR1K21IRzgzWloyUVIrZUhtNUp6bnlK?= =?utf-8?B?RjA0cTdlbUR6c082VTlVaGFSbGNydUlHRXkrRVVGSi80emxCeXFibW0ycDJj?= =?utf-8?B?b0MzRUEwQUlWTE8xcFRLR2o1dHcwd2ZGL1oyenRDdVh4R2ZvVG1ZaDNUa3pY?= =?utf-8?B?N28vRFpxMDhCTkdtQ0xaSmJ1QjY3cm8xV2RWNStTMEtYQllxd2xHRGNzcUNn?= =?utf-8?B?cmJUYzJ0YUhXanJ0ZTkzbkpjT2pyRFdSZkJJTjFMTEk3TElPOFBBVytWM1lp?= =?utf-8?B?aG1PbDhmcGl2UDVOVHBMeXlQNkJOV3hmd0hCdkp0Rm51VG9kSzUvMjFmOFFE?= =?utf-8?B?U2JCMlNVTnJiUHdNT0JtdkxNcVV2Q2hTQndaNURid2YvRTdvbGgvM2VjdFp5?= =?utf-8?B?NnZLRVNNc2UyUzI2SkZ2U2UrV0pTMGt5VFJhU1B3SHBvU2ppVTlVbTBtb1Bx?= =?utf-8?B?WnR5alBoaFZNRTlRdS9SS0FObUZsN2RNdWxhNTM0aUIwc3ExNXpOWUxNcWRI?= =?utf-8?B?b0hvOWhIMG9CVWxUWVdFdGhYTzdYK1dVNkZtTXk5UDE5TUVyeG8wZm5IUnhS?= =?utf-8?B?TkkvNXJiL2lZVTlVa0Q2U2hqTjF1cUU3c2QwVFVsNUlmdXRjdFpWNmlGV1cy?= =?utf-8?B?TkV5TEFlall6ZzVJOEZhUEY5bXJ6OVlvQVZNL2JPMEh2VmFlcWt2cVJzT0M0?= =?utf-8?B?SlN0T0trZkdacWhobjlTc3UzdDI1ZzhsU2ZDVFNMR3lqV3RRRFpnSXAwemxh?= =?utf-8?B?Ty9CVGx6MTJuZ3NUMWpQVlZsKys1eUVBZHorNVFKSXRJS05rc1A1ZDh4UVRi?= =?utf-8?B?NkZUdGtlZzhiRmxZN1hNckVBWkR5bTByc2xib1RBTUQ0YXpMTlJPL2d0d241?= =?utf-8?B?djMwaUxpYTh1Nzg4eXJkR0U2WmtQZUttNUpIQUdLaDRMbVo0YUw1bnRQd1Fr?= =?utf-8?B?MDZmWWd3NXh3RjRMVC9uV2FrMFZEczQ2VmNaM3hkWEVEYUJUK0R5cE1TOEY5?= =?utf-8?B?TDNYSzdtei9xMHh5cGtndXhxcU5XWHB2YzRFWEdCaFlsSmJMOGtsN0RQUFN0?= =?utf-8?B?THBsMS9Uck9kNXF1ZDd5QnNFakVXTmZ4SDh1SVFON0dNUHBveUxEUXVGZm5o?= =?utf-8?B?T2twcXgxbkVIOWE2bVZhV3RpbXRLcmdqeEhES0dXNDZDaEYydjRBeVE5Ukwx?= =?utf-8?B?RzFRRHBWd1E3RGpQb3RIUmdyZ1FyYkRYSHhENEpOck5HbHNOVm9zMkhiNjdN?= =?utf-8?B?dTRtc0pRb2FSSk5mNDhkejZZRmVEUlBsUjk2dEpsR1BiOXloLzFxZzl3bUZa?= =?utf-8?B?a2ZlL01jK0Z4VWFjazlMRVRxSXE5UlYzdmRRVm1IT2RFd2ZEdkJ0ejFWekRa?= =?utf-8?B?WHpIWkVVdGhFd0paSlgyRzFXckU5Y29NUDRKRmVuUTZ3VG4wZ21hOFVkU3h0?= =?utf-8?B?REJBM2hVa3FpRlVjVk9DQWVkZHZqTyt6U29VUHFIQ3RRc0pJZFJxckh3Y2tH?= =?utf-8?B?VkVmakM4QVAvdTZQcWVra0Fha0NhWFM3ZnZrNWJ0N2RMcWZXd0FIRnladlNF?= =?utf-8?B?Y0pRV1ppbFBpam5lY1RXa2haaU9qclA4Nkk1Rk82UFJuMHB2OFdiYm9MeVM4?= =?utf-8?B?SXZsZ1M2R1FSclFOOEgyMDl6WXhPdGptczBXUzVKcUlNN0s2TmY4Myt3VGxM?= =?utf-8?B?bzk4bEFudlM0YWd1Nm9UWXp5ZjcwQTFrUEhnL2lPczlkaVNqK1YwWFN3NXNJ?= =?utf-8?B?SjZWRmc3ZHRRMS8wZDJKeVIvcWNOQ1ZMRDhKQWVQNlh5U0FRNlVIYUw3WUlk?= =?utf-8?B?SGZwbHVYWEJWQkdUbDdJSm55Tk01ZlQ0bXNCWFEyVDBsNU9VMlNnSnZtWG4w?= =?utf-8?B?ek1qN0pWZS8xMXd2VHA0c1Q0OXdJb3hoOUhqQmEwYzkvUHV4bUovNzk2YWZI?= =?utf-8?B?SjBYaUhXWTk1eDF1WW5BMzluVTBPUzdqSmZlSWdaK0JMRDE4eUFQcUF4MmdF?= =?utf-8?Q?xWc=3D?=
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: 7RQvN9zvpth2Q7wW3fmuHNZBqhbp1yIZBqwgfPX9z8yywc2Gw58FvKhorOmEFqQdzHAeaXWuzf+5rVSRYAhDtEAmIkmcKghO+i0kX0AzwMeP7cSaTDp+tz02f4l+QkL91cg6u0ivU8Cqjg4xmpA7GMVSkmdDrpKcz8U2QgtjdMO/gapx2ZCvXOFGzJwI7qH7Zp+HmKkSkzRyX3ZgHUncLh8XLVKEIAMMvM9YTiLgdqlxXk1DA/jzUapIRSTUTzaV0muyiUf3zrOII9YrCxP9RBzq1l/DFtFvoxgPcYd0FiVNeT//CzRUod4eE5Q9CRIZsJBJyw9hODgdOTPNHJ0e4/QiaEFarCZNL4xEt20kSOCeqrc29/ydfjh6uh0aDDkVQargvMJ5sGdAo4XCUbCCHEE1/AhbqHGn1GJJH2x0RyA=
X-Microsoft-Exchange-Diagnostics: 1; HE1SPR00MB03; 6:OQvlAVANUcXZJW5qk5DlFx69KfpD4oV0fG+g2GvX3mInRNQQVfUak/AXic2jWFI5QLKnsSssEVoRsguv5XzLWcABamZl1+eF5mlKDTITNfmDk+dbggEGVn3NGCRhbr7xc9c3YIy6YvTGMVOeBRYlL5Vc1aDnYUyLbSvKhNLTBmJyJ6juVFXrtRsl7BhML70HOgir3hiifLrSZM8a1FpZHhEK3heCD/bIYugMVyW/bKzjjQPE99Ksh9guKgcbKJLpfnoKGFplHPNmbMgT6mbg02+Bn9E2yHpcag0g1FeCyKIhWW1IPLz9T5P0wbXYS9/B599+tWv74Ab8jn4CDT06/zPbjsYczW5cc7UK4DukFQQpmY/Vjp+h2uLzG0Bx0QvSIn9TZuVWTs14iP9DoSYO06AH/x6i1GTKO6zanuHt5KrEE5cW7YODt9wn/y0oWHkm7w3LpYP+Fk8EW00BVzAv9Q==; 5:3JPDGfYqBiaoDACjPKg0xEwgpxECTju2ANZ794ehBYvjGd4J4rcXcvy9QlxWB4Lecke9deUDQKy8p0/fj3JeBgkUVLUf0jKX1u81LryNrWrGn6CiOzZXQJcfpgB5qrI3H/Vf7JiuVLeu2hG6FJuy8ib91WzLC80qMCTBbVXAM5HLzQhyH3F4jkqTuT2n2NL0RckSHYznG/qhb3uTfYIcGQ==; 7:dbgk9jQmSB2OT0gyq7U9syXg4g53AVPgUP6/HLajFdJjqFVAXebxQ1aRmwXteAduN+JCI1OOHVyyBfxX0+jm+I/wYc+b6RdTbZnP4DPBvkN5PnFtXc+2vJvdMHeP1YxL/hDr/psx5V7WgCWBiaMCYg==
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 Jan 2019 09:20:23.9406 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 5216ba35-81c3-4295-4895-08d6875d54a1
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5a9809cf-0bcb-413a-838a-09ecc40cc9e8; Ip=[194.218.146.197]; Helo=[mail.ri.se]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1SPR00MB03
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/vUgU-u7J1UGvJgFcqRyXCxR2I84>
Subject: Re: [Ace] Shepard review for draft-ietf-ace-oauth-authz
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Jan 2019 09:20:32 -0000

On 30/01/2019 19:23, Jim Schaad wrote:
> 
> 
>> -----Original Message----- From: Ludwig Seitz <ludwig.seitz@ri.se> 
>> Sent: Wednesday, January 30, 2019 12:38 AM To: Jim Schaad
>> <ietf@augustcellars.com>om>; draft-ietf-ace-oauth- authz@ietf.org Cc:
>> ace@ietf.org Subject: Re: Shepard review for
>> draft-ietf-ace-oauth-authz
>> 
>> Thank you Jim,
>> 
>> I'll upload a new version as soon as we have resolved my questions
>> below.
>> 
>> /Ludwig
>> 
>> On 30/01/2019 07:01, Jim Schaad wrote:
>>> 1. Update the reference from RFC 5246 to RFC 8446 in all
>>> locations
>>> 
>>> 
>>> 
>>> Items that don't appear to be resolved:
>>> 
>>> * Section 3.1 - Refresh Token - I don't think that refresh tokens
>>> are going to be strings because binary is more efficient. Unless
>>> you are going to say that this is not OAuth 2.0, then a refresh
>>> token is still a text string.
>>> 
>>> *  I don't see any text that is addressing this.
>> 
>> That text just describes how it is in OAuth 2.0 (where refresh
>> tokens are strings), since we didn't see the need to specify the
>> use of refresh tokens in ACE, we didn't mention them further. If we
>> had we would certainly have defined them to be binary.
> 
> That would be fine, but you actually do define a CBOR mapping tag for
> refresh tokens in the body of the text and define it as binary.
> 
Right,
(background: I did define a mapping for all OAuth parameters and 
re-mapped all that were Strings to binary. That does not necessarily 
mean the have a use case currently in ACE.)

in order to resolve this I will add a sentence in the description of the 
refresh token, saying that we define them to be binary here.


>>> ****** IANA Section Issues
>>> 
>>> 1.  None of the new registries appear to have any guidance for
>>> the DEs to use when approving items.
>> 
>> Is it acceptable to add a single guidance section for all of the
>> new registries, or does it need to be separate for each of them?
> 
> As long as the guidance is comment this is fine.  That is what I did
> for all of the COSE registries
> 

I'll copy liberally from your example then (and a bit from the CWT RFC). 
Hope you don't mind.


>>> 
>>> 2.  The title of the registry "ACE Authorization Server
>>> Information" is not really descriptive of what is in the
>>> registry.   It makes sense in the text but not as a stand along
>>> title.  Something along the lines of "ACE Authorization Server
>>> Request Creation Hints" seems to be closer to a solid 
>>> identification.
>>> 
>> Would "ACE Authorization Server Discovery Hints" be better?
> 
> I thought about that, but it does not really cover the idea of having
> the nonce value there or the possibility of later adding things like
> - ok you should use this audience or this scope or some other similar
> thing.
> 

I see. I'll use the somewhat clunky but descriptive "ACE Authorization 
Server Request Creation Hints".

I've also taken the liberty of adding audience (req_aud) and scope as 
optional parameters in the AS Request Creation Hints message, in order 
to justify its name.



While resolving issues from the DTLS profile the authors have noticed
two elements that need to be added to the framework:

1.) A definition of "Authorization Information"
"The information an RS uses to determine wether a request is authorized, 
including the claims of applicable access tokens."

2.) Adding the "kid" parameter to the AS Request Creation Hints, so that 
a client can request a token with the same pop key when it has an 
existing security association, but the token has expired.
The procedure is currently defined in the DTLS profile, but it applies 
to any other profile as well and should therefore be in the framework.


/Ludwig

-- 
Ludwig Seitz, PhD
Security Lab, RISE
Phone +46(0)70-349 92 51