[art] Artart last call review of draft-ietf-oauth-rar-14

Thomas Fossati via Datatracker <noreply@ietf.org> Fri, 04 November 2022 22:00 UTC

From: Thomas Fossati via Datatracker <noreply@ietf.org>
To: art@ietf.org
Cc: draft-ietf-oauth-rar.all@ietf.org, last-call@ietf.org, oauth@ietf.org
Message-ID: <166759925499.54328.11742155720361775976@ietfa.amsl.com>
Reply-To: Thomas Fossati <thomas.fossati@arm.com>
Date: Fri, 04 Nov 2022 15:00:55 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/EckO_3zF-gnI83Q_HmO5xREursI>
Subject: [art] Artart last call review of draft-ietf-oauth-rar-14

Reviewer: Thomas Fossati
Review result: Ready

This document defines an OAuth parameter ("authorization_details") to
carry fine-grained authorization data in OAuth messages. This allows
APIs to customise their authorization requests and has applicability in
a number of scenarios, e.g.: banking, e-health, accessing tax data, etc.
The document also defines a base vocabulary for expressing common
semantics, which grants consistency in an otherwise completely open
space.

It is a very well written document and was a pleasure to read.

It has a clearly defined goal and well designed mechanisms.

The examples (both JSON and HTTP) are many, very well crafted, and
syntactically impeccable -- apart from a couple of stray ellipses in the
JSON examples of §10, and the snippet in Figure 16, which were the only
alerts I got from my linter.

The IANA requests are in good shape (with only a tiny typo issue, see
below.)

Here are a couple of very minor reference suggestions:
* §2, when JSON is first mentioned, you could add a pointer to RFC7493
* §2.1, when ASCII is mentioned, you could add a pointer to RFC0020

Please fix these:
* §2.2: "[...] the permissions the client requests is" should be "[...]
  the permissions the client requests are"
* §3: "[...] to improve to security" should be "[...] to improve the
  security"
* §15.6: "[...] authorization_details_parameterto" should be
  "[...] authorization_details parameters to" (I think)

Other than that, ship it!
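As an added illustration of the parameter the review describes (not code from the draft or the reviewer), the following is a small server-side validator for an incoming `authorization_details` value: it parses the JSON array, requires a string `type` on every element, refuses types the authorization server has not been configured to accept, and checks the shape of the draft's common fields. The field names other than `type` (`locations`, `actions`, `datatypes`, `privileges`, `identifier`), the error class name and the sample payload are assumptions of this example.

```python
import json
from typing import Any

# Common vocabulary fields that, when present, must be arrays of strings
# (assumed from the draft's base vocabulary; "identifier" is a plain string).
STRING_LIST_FIELDS = ("locations", "actions", "datatypes", "privileges")


class AuthorizationDetailsError(ValueError):
    """Raised when the parameter must be rejected by the authorization server."""


def validate_authorization_details(raw: str, accepted_types) -> list[dict[str, Any]]:
    """Parse a JSON-encoded authorization_details parameter and validate it.

    accepted_types: the set of type strings this server knows how to process.
    Anything else is refused rather than silently ignored, so a client cannot
    smuggle in a detail the server would not understand.
    """
    try:
        details = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise AuthorizationDetailsError(f"not valid JSON: {exc}") from None
    if not isinstance(details, list) or not details:
        raise AuthorizationDetailsError("must be a non-empty JSON array")
    for i, obj in enumerate(details):
        if not isinstance(obj, dict):
            raise AuthorizationDetailsError(f"element {i} is not a JSON object")
        typ = obj.get("type")
        if not isinstance(typ, str) or not typ:
            raise AuthorizationDetailsError(f"element {i} lacks a string 'type'")
        if typ not in accepted_types:
            raise AuthorizationDetailsError(f"element {i}: unknown type {typ!r}")
        for field in STRING_LIST_FIELDS:
            value = obj.get(field)
            if value is not None and not (
                isinstance(value, list) and all(isinstance(v, str) for v in value)
            ):
                raise AuthorizationDetailsError(f"element {i}: {field!r} must be an array of strings")
        if "identifier" in obj and not isinstance(obj["identifier"], str):
            raise AuthorizationDetailsError(f"element {i}: 'identifier' must be a string")
    return details


# Constructed sample payload (not taken from the draft), in the style of a
# payment-initiation request with one type-specific field added.
SAMPLE = json.dumps([{
    "type": "payment_initiation",
    "locations": ["https://example.com/payments"],
    "actions": ["initiate", "status"],
    "instructedAmount": {"currency": "EUR", "amount": "123.50"},
}])

if __name__ == "__main__":
    print(validate_authorization_details(SAMPLE, {"payment_initiation"}))
```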