Re: [Gen-art] Gen-ART LC review of draft-ietf-oauth-dyn-reg-management-09

Justin Richer <jricher@MIT.EDU> Mon, 23 March 2015 15:52 UTC

To: Peter Yee <peter@akayla.com>
Cc: draft-ietf-oauth-dyn-reg-management.all@tools.ietf.org, gen-art@ietf.org

Peter, thanks for the review. These are all good suggestions and simple to implement. I’ve incorporated the proposed wording changes into the working copy of the document and they’ll be pushed into the next revision of the document.

Thank you,
 — Justin

> On Mar 23, 2015, at 9:02 AM, Peter Yee <peter@akayla.com> wrote:
> 
> I am the assigned Gen-ART reviewer for this draft. For background on
> Gen-ART, please see the FAQ at
> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>
> 
> Please resolve these comments along with any other Last Call comments you
> may receive.
> 
> 
> 
> Document: draft-ietf-oauth-dyn-reg-management-09
> Reviewer: Peter Yee
> Review Date: Mar-22-2015
> IETF LC End Date: Mar-23-2015
> IESG Telechat date: TBD
> 
> Summary: This draft is ready for publication as an Experimental RFC, but
> has nits that should be fixed before publication. [Ready with nits]
> 
> This specification defines an OAuth client configuration endpoint that
> can be used to manage dynamic client registration updates and the protocol
> used to interact with it.
> 
> Major issues: None
> 
> Minor issues: None
> 
> Nits: None
> 
> 
> Page 2, section 1, 1st paragraph, 1st sentence: change “at” to “with”.
> “At” makes it sound like the client identifier is a server-only object.
> 
> Page 5, step (D), change “at” to “to”.
> 
> Page 5, step (G), append “or (F)” to the sentence.
> 
> Page 5, section 2, 2nd paragraph: this paragraph is wholly subsumed by the
> Security Considerations.  Why not just put a pointer to there rather than
> duplicate the text?
> 
> Page 6, section 2.2: while not technically incorrect, I would argue that
> the update is being made to the server by the client, albeit with the
> server’s permission.  Thus I find the wording of this first sentence
> somewhat misleading.  Perhaps a rewrite would help?  I find the use of “at
> the server” in the document allows a lot of looseness that encourages
> varying interpretations of what is meant.
> 
> Page 7, 1st paragraph: remove the space in “top- level”.
> 
> Page 7, 2nd paragraph, 2nd sentence: change “client” to “updated client
> metadata fields”.  This is to make it clear the client must not include
> the forbidden fields in the updated fields it presents, but that most
> certainly items like the registration access token will be part of the
> request.
> 
> Page 12, last paragraph, last sentence: clarify disclosure of what?
> Wasn't the deprovisioning process supposed to delete or make unavailable
> the metadata?  So other than not having canceled the registration access
> token, what's to be disclosed?
> 
> Page 15, section B.1, 1st sentence: change “token” to “tokens”.
> 
> Page 15, section B.1, 2nd sentence: change “map” to “may”.
> 
> 
> 
>