Re: [OAUTH-WG] OAuth 2.0 Resource Registration draft -- FW: New Version Notification for draft-hardjono-oauth-resource-reg-00.txt
"Anganes, Amanda L" <aanganes@mitre.org> Thu, 27 December 2012 21:57 UTC
Hi Thomas,

Here is some initial feedback.

Introduction paragraph 2:
Remove duplicate "with": "the OpenID Provider (OP) component is a specialized version of an OAuth authorization server that brokers availability of user attributes by dealing *with with* an ecosystem of attribute providers (APs)."

Section 1.2 Terminology:
This is more of a comment for the UMA WG in general: "scope type" is an unfortunate term (which appears in the UMA core draft [1] as well - if memory serves the term used to be just "scope" but I couldn't find a diff reference for when that changed). Including "type" in the term makes it sound like it refers to a class or kind of scope, which doesn't seem to be what you mean. I understand that "scope" cannot be used since it is already reserved by OAuth, but perhaps a better synonym could be found and used instead?

2. Resource set registration
2nd sentence reads oddly. Change from "For any of the resource owner's sets of resources this authorization server needs to be aware of, the resource server MUST register these resource sets…" to "If this authorization server needs to be aware of any of the resource sets, the resource server MUST register those resource sets…"

2.2 Resource set descriptions
"scopes" and to refer to sets of "scope type"s and "type" to refer to the class/kind of resource set this is add to the argument above that "scope type" is a misleading term.

2.3 Resource set registration API
I don't understand what this sentence means: "Without a specific resource set identifier path component, the URI applies to the set of resource set descriptions already registered." Can you clarify?

The {rsreguri} URI component is defined but never used. It looks like all of the "/resource_set" URIs should be prefaced with this component throughout the following sections?

[1] https://datatracker.ietf.org/doc/draft-hardjono-oauth-umacore/

--
Amanda Anganes
Info Sys Engineer, G061
The MITRE Corporation
781-271-3103
aanganes@mitre.org

On 12/27/12 2:24 PM, "Thomas Hardjono" <hardjono@MIT.EDU> wrote:

>Folks,
>
>The OAuth 2.0 Resource Set Registration draft is essentially a generic
>first phase of the User Managed Access (UMA) profile of OAuth2.0. This
>allows the RO to "register" (make known) to the AS the resources he/she
>wishes to share.
>
>Looking forward to comments/feedback.
>
>/thomas/
>
>__________________________________________
>
>
>-----Original Message-----
>From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
>Sent: Thursday, December 27, 2012 2:07 PM
>To: Thomas Hardjono
>Subject: New Version Notification for
>draft-hardjono-oauth-resource-reg-00.txt
>
>
>A new version of I-D, draft-hardjono-oauth-resource-reg-00.txt
>has been successfully submitted by Thomas Hardjono and posted to the IETF
>repository.
>
>Filename: draft-hardjono-oauth-resource-reg
>Revision: 00
>Title: OAuth 2.0 Resource Set Registration
>Creation date: 2012-12-27
>WG ID: Individual Submission
>Number of pages: 19
>URL:
>http://www.ietf.org/internet-drafts/draft-hardjono-oauth-resource-reg-00.txt
>Status:
>http://datatracker.ietf.org/doc/draft-hardjono-oauth-resource-reg
>Htmlized:
>http://tools.ietf.org/html/draft-hardjono-oauth-resource-reg-00
>
>
>Abstract:
> This specification defines a resource set registration mechanism
> between an OAuth 2.0 authorization server and resource server. The
> resource server registers information about the semantics and
> discovery properties of its resources with the authorization server.
>
>
>
>
>The IETF Secretariat
>
>_______________________________________________
>OAuth mailing list
>OAuth@ietf.org
>https://www.ietf.org/mailman/listinfo/oauth