IETF Logo Mail Archive

Re: [OAUTH-WG] WGLC on Pushed Authorization Requests draft

Brian Campbell <bcampbell@pingidentity.com> Tue, 18 August 2020 22:25 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E587A3A0E47 for <oauth@ietfa.amsl.com>; Tue, 18 Aug 2020 15:25:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0-vIBkgXObuy for <oauth@ietfa.amsl.com>; Tue, 18 Aug 2020 15:25:39 -0700 (PDT)
Received: from mail-lj1-x236.google.com (mail-lj1-x236.google.com [IPv6:2a00:1450:4864:20::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 135E33A0E41 for <oauth@ietf.org>; Tue, 18 Aug 2020 15:25:39 -0700 (PDT)
Received: by mail-lj1-x236.google.com with SMTP id i10so23209539ljn.2 for <oauth@ietf.org>; Tue, 18 Aug 2020 15:25:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aamMDFzS9oqsGc96zWUN8qlXH61/nMjqajaV9c/IJGs=; b=M74BtbEA3rAwn6HzFZKLfeO7jMbn7kogwFqxdCB3yTnyrxqAOo+kflNo4GZiHvoUOQ iWsgLWeX3c7Jt24+A1ra5pSEtoqpgsZP7HLZMRd4lnA3qd/LT+AuvdeUo9JwJeKgvOPd 2gc3d/RjkAF4sBu4vv8KetkunMlKuE0m+6qX+HDx68RKNNgzP1iBguMWZDvG6elFn6LH Bk2WC4O751E3aggGZZqZ79sDzQPNxvlo6u3jW9Saii9RXPsr1Z6fC5BqOafRLytS2MDz zz+tsRJTGOJxyr/Kbtjof2pPVSNwwtFh+Z1OV2mDQ+uc8h8UgiG1ix0lqIDh9vQn76Ms DXAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aamMDFzS9oqsGc96zWUN8qlXH61/nMjqajaV9c/IJGs=; b=WQ57QJgk5hfzt2Qsg2a4TeO6eq7U2/JTbIiv1sr11I0D/aa5vutk6KQqYxufo2ak7+ he0KGpVtJ5zSBqXpC9vdgJtSozwTHJoSsxNNmo6qCdNdgwREYNkn6z4HJg08upnNjgui 90wKLXK32/PuAAODGHpEz01ReSIc/zb2CTQlSsgScJnd9NR+FK3T2aoOfRHOd0hXirDA p8s1ipsjGxYegDuDbjd8WwblEwqiuiP/ih0lVatjy4i+PqDaPPQvqLzpy4ptt/42XQps 5uX2/Zly9MAmulaUwAXkrodBdGuNyHjlTYjZ/0YmuBJhRjFgmvGyo8ar613suivCWaHo cSIQ==
X-Gm-Message-State: AOAM532J5QMATBlxfQQ9ZSkJog7wEfmYjtpExeBixCmo9MjLkNI8GEFR o29m/E/pr2fFXfGtwbF2ihuGIdG1HzZhpP64ROSll7SW7MVvEnQFBwPiShMSZ1fGj3pbWG332xp 9VskrcwnZfUZACQ==
X-Google-Smtp-Source: ABdhPJwBBiAPk6xZ72pjBhvF+WX2BFO4Ohv97EPtsB2GK+r1pxy2g3c4qZHSHxa00k7edPThJPu1vvoAmfhWMlaNr50=
X-Received: by 2002:a2e:8642:: with SMTP id i2mr11388985ljj.368.1597789537108; Tue, 18 Aug 2020 15:25:37 -0700 (PDT)
MIME-Version: 1.0
References: <CADNypP8QkcjcMpfug-GnbTP1ODUu+LgrSx-MTjVeQztbivGbhA@mail.gmail.com>
In-Reply-To: <CADNypP8QkcjcMpfug-GnbTP1ODUu+LgrSx-MTjVeQztbivGbhA@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 18 Aug 2020 16:25:10 -0600
Message-ID: <CA+k3eCSQBGyW4R+4tJHxfhSWNQ8bHPR39SfwCXdhL=roGdFZ-w@mail.gmail.com>
To: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
Cc: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c920d705ad2e5dc4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/-kUs7WoDCivTOPwXi_jS93VOeiQ>
Subject: Re: [OAUTH-WG] WGLC on Pushed Authorization Requests draft
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Aug 2020 22:25:41 -0000

A couple of WGLC comments from my sphere.

I'd like to take the discussion of the first item in
https://mailarchive.ietf.org/arch/msg/oauth/iD33QbZTj92LJ6M9wNUq9s3nLpA/ as
a suggestion that the top part of section 2.1
<https://www.ietf.org/id/draft-ietf-oauth-par-03.html#section-2.1> be
reworked or adjusted so as to (hopefully) avoid any confusion that the list
there somehow conveys normative requirements.

The definition of the client require_pushed_authorization_
<https://www.ietf.org/id/draft-ietf-oauth-par-03.html#section-6>requests
metadata parameter
<https://www.ietf.org/id/draft-ietf-oauth-par-03.html#section-6-2.2> needs
to specify a default similar to how the AS metadata parameter of the same
name <https://www.ietf.org/id/draft-ietf-oauth-par-03.html#section-5-2.4>
does - i.e., "If omitted, the default value is false."

On Tue, Aug 11, 2020 at 4:08 PM Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
wrote:

> All,
>
> This is a WGLC on the *Pushed Authorization Requests *document:
> https://www.ietf.org/id/draft-ietf-oauth-par-03.html
>
> Please, take a look and provide feedback on the list by *August 25th.*
>
> Regards,
>  Rifaat & Hannes
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._

v2.23.0 | Report a Bug | By Email