Re: [oauth-ext-review] Request to register OAuth parameters
Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 25 November 2015 22:42 UTC
To: Mike Jones <Michael.Jones@microsoft.com>, "oauth-ext-review@ietf.org" <oauth-ext-review@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth-ext-review/wTuVfveEs3yIUKvEEkis-R0Eg3A>
Thanks for the quick response. This makes sense. Keep the OpenID Foundation Artifact Binding Working Group as the change controller for consistency reasons; the OpenID Foundation will have to figure out who the appropriate contact point will be after the close of the working group.

I consider my review as completed.

Ciao
Hannes

On 11/25/2015 05:57 AM, Mike Jones wrote:
> All the existing OpenID Connect registrations at http://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml already list the OpenID Foundation Artifact Binding Working Group as the change controller. Consistency argues for all of them being the same.
>
> Given that the OpenID Foundation is listed, should the working group be closed, the foundation would be able to take over as the change controller anyway.
>
> -- Mike
>
> -----Original Message-----
> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
> Sent: Tuesday, November 24, 2015 3:35 AM
> To: Mike Jones <Michael.Jones@microsoft.com>; oauth-ext-review@ietf.org
> Subject: Re: Request to register OAuth parameters
>
> Hi Mike,
>
> thanks for the request.
>
> I have read through the list of items and I don't see a problem with the proposed entries to the two registries. Hence, I approve them.
>
> I only have one minor question: Do you think that the change controller should be the 'OpenID Foundation Artifact Binding Working Group'? I would have rather said that it would better be the OpenID Foundation in general since that specific working group may not exist forever.
>
> To IANA: Use the text from the original email since the text below seems to be garbled. Also note that the words 'Section 2 of this document'
> refer to Section 2 of this specification:
> http://openid.net/specs/openid-connect-registration-1_0-29.html
>
> Ciao
> Hannes
>
> On 11/13/2015 08:47 PM, Mike Jones wrote:
>> Dear Designated Experts and IANA,
>>
>> I am writing to you on behalf of the OpenID Connect Artifact Binding
>> working group requesting to register the OAuth Dynamic Client
>> Registration Metadata and OAuth Token Endpoint Authentication Methods
>> parameters defined in
>> http://openid.net/specs/openid-connect-registration-1_0-29.html#IANA.
>> The individual registration requests are repeated below.
>>
>> These parameters were defined in the OpenID Dynamic Client
>> Registration specification that became final in February, 2014. Now
>> that the OAuth Dynamic Client Registration Metadata registry and the
>> OAuth Token Endpoint Authentication Methods registries have been
>> established at
>> http://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtm
>> l#client-metadata
>> and
>> http://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtm
>> l#token-endpoint-auth-method, those parameters not already registered
>> by RFC 7591 are now being registered.
>>
>> Thank you,
>>
>> -- Mike
>>
>> ----------------------------------------------------------------------
>> --
>>
>> * TOC *
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#toc>
>>
>> 10.1. OAuth Dynamic Client Registration Metadata Registration
>>
>> This specification registers the following client metadata definitions
>> in the IANA "OAuth Dynamic Client Registration Metadata" registry
>> [IANA.OAuth.Parameters]
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#IANA.
>> OAuth.Parameters>
>> established by [RFC7591]
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#RFC7591>:
>>
>> ----------------------------------------------------------------------
>> --
>>
>> * TOC *
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#toc>
>>
>> 10.1.1. Registry Contents
>>
>> * Client Metadata Name: application_type
>>
>> * Client Metadata Description: Kind of the application --
>> "native" or "web"
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: sector_identifier_uri
>>
>> * Client Metadata Description: URL using the httpsscheme to be
>> used in calculating Pseudonymous Identifiers by the OP
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: subject_type
>>
>> * Client Metadata Description: subject_typerequested for
>> responses to this Client -- "pairwise" or "public"
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: id_token_signed_response_alg
>>
>> * Client Metadata Description: JWS algalgorithm REQUIRED for
>> signing the ID Token issued to this Client
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: id_token_encrypted_response_alg
>>
>> * Client Metadata Description: JWE algalgorithm REQUIRED for
>> encrypting the ID Token issued to this Client
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: id_token_encrypted_response_enc
>>
>> * Client Metadata Description: JWE encalgorithm REQUIRED for
>> encrypting the ID Token issued to this Client
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: userinfo_signed_response_alg
>>
>> * Client Metadata Description: JWS algalgorithm REQUIRED for
>> signing UserInfo Responses
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: userinfo_encrypted_response_alg
>>
>> * Client Metadata Description: JWE algalgorithm REQUIRED for
>> encrypting UserInfo Responses
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: userinfo_encrypted_response_enc
>>
>> * Client Metadata Description: JWE encalgorithm REQUIRED for
>> encrypting UserInfo Responses
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: request_object_signing_alg
>>
>> * Client Metadata Description: JWS algalgorithm that MUST be used
>> for signing Request Objects sent to the OP
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: request_object_encryption_alg
>>
>> * Client Metadata Description: JWE algalgorithm the RP is
>> declaring that it may use for encrypting Request Objects sent to the
>> OP
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: request_object_encryption_enc
>>
>> * Client Metadata Description: JWE encalgorithm the RP is
>> declaring that it may use for encrypting Request Objects sent to the
>> OP
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: token_endpoint_auth_signing_alg
>>
>> * Client Metadata Description: JWS algalgorithm that MUST be used
>> for signing the JWT used to authenticate the Client at the Token
>> Endpoint for the private_key_jwtand client_secret_jwtauthentication
>> methods
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: default_max_age
>>
>> * Client Metadata Description: Default Maximum Authentication Age
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: require_auth_time
>>
>> * Client Metadata Description: Boolean value specifying whether
>> the auth_timeClaim in the ID Token is REQUIRED
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: default_acr_values
>>
>> * Client Metadata Description: Default requested Authentication
>> Context Class Reference values
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: initiate_login_uri
>>
>> * Client Metadata Description: URI using the httpsscheme that a
>> third party can use to initiate a login by the RP
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> * Client Metadata Name: request_uris
>>
>> * Client Metadata Description: Array of request_urivalues that
>> are pre-registered by the RP for use at the OP
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 2 (Client Metadata)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#Clien
>> tMetadata>
>> of this document
>>
>> ----------------------------------------------------------------------
>> --
>>
>> * TOC *
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#toc>
>>
>> 10.2. OAuth Token Endpoint Authentication Methods Registration
>>
>> This specification registers the following token endpoint
>> authentication methods in the IANA "OAuth Token Endpoint Authentication Methods"
>> registry [IANA.OAuth.Parameters]
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#IANA.
>> OAuth.Parameters>
>> established by [RFC7591]
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#RFC7591>:
>>
>> ----------------------------------------------------------------------
>> --
>>
>> * TOC *
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#toc>
>>
>> 10.2.1. Registry Contents
>>
>> * Token Endpoint Authentication Method Name: client_secret_jwt
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 9 of OpenID Connect Core 1.0
>> [OpenID.Core] (Sakimura, N., Bradley, J., Jones, M., de Medeiros, B.,
>> and C. Mortimore, "OpenID Connect Core 1.0," August 2015.)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#OpenI
>> D.Core>
>>
>> * Token Endpoint Authentication Method Name: private_key_jwt
>>
>> * Change Controller: OpenID Foundation Artifact Binding Working
>> Group - openid-specs-ab@lists.openid.net
>>
>> * Specification Document(s): Section 9 of OpenID Connect Core 1.0
>> [OpenID.Core] (Sakimura, N., Bradley, J., Jones, M., de Medeiros, B.,
>> and C. Mortimore, "OpenID Connect Core 1.0," August 2015.)
>> <http://openid.net/specs/openid-connect-registration-1_0-29.html#OpenI
>> D.Core>