Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-rar-02.txt

George Fletcher <gffletch@aol.com> Tue, 24 September 2019 20:45 UTC

Return-Path: <gffletch@aol.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D72A412004E for <oauth@ietfa.amsl.com>; Tue, 24 Sep 2019 13:45:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=aol.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id reTsKRTgxeGk for <oauth@ietfa.amsl.com>; Tue, 24 Sep 2019 13:45:47 -0700 (PDT)
Received: from sonic317-26.consmr.mail.bf2.yahoo.com (sonic317-26.consmr.mail.bf2.yahoo.com [74.6.129.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FB38120058 for <oauth@ietf.org>; Tue, 24 Sep 2019 13:45:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aol.com; s=a2048; t=1569357946; bh=W11yn813CCvWx8luLxsxoPTxLop6St02vKyqRoNRK6w=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=Ili7xtdDPdh44JZGHVH1ZcSTcpE0uOyv/Mw2uYTVWs+g2lqmKL1GsLnqXSHQSGnXvLX5F/A8PY28b7DEpSf203r66ofZv0VKkKC7u/wRVS64BMCYsoRsGnxKt+IkRWyjlTC568msYGRHhpqKfyIgnzYy1s/yaKU+sKgd1XSthMHitaZ8Q0paHlOauN7MNCfJ9y6KiyTE+QsFcT4A/qVMLz3Q8/F20kfMAP7MyC0IxyiSPp1IMEm7XPqNunDPz4sl5SbjjX0E3MOBPfrjt/hQsHk+dcwtX80RjRYk9X4pRK8jJtW0Q/ff1iyWOLRgDQjhNy7ejmCI3rT0/XeEMkqAAw==
X-YMail-OSG: xwATUbUVM1nQnBtim2DAt6rVYxD7ckRYj.fPx.c_3LX827ooZ_9vSzvsj6IhoUZ Ei2jIFe2gBT38XUckzaj_elCz8J48UtubPBgvVPs98xn355LWU2fS4AwhVwE_ps2bK1DJhUwBiPM v8IKir2AdN6k02BAwaMYqvB3ny1UMYU16k7xGO5QWmbn0mHEpi6.A6DO2TXJLmGYUYXjKpbd0SGm 2Gyzq7xmYwMHlA9IjFcN8d6nkpyXoMIiUN.Cspy5KIXWCz8cRwMl6MNCaIyWmPCxxSjIuGnhxXpa P2ESmaD6ix6dwfLRMUgjvT4IPIK7lKrR.NLVs3Uoh4Gg6a8X3VjtL0267Lwb_KCdsT8VsEFmUixG C5cB.afAmMOYXym9ywmEoxgSJIdro2HbW09EN.chUBUKAnSAbHCiGZAH3dUh3hJ6jNGpHEohFGbN JOMEeuHh6V8KBvzrVkwEVQghDd_FpDAUhxRREaKnEIG83OuhoPvepFfr3UZshKcKqSpwmbLOaWvQ NPpuxKV13W34Q6kwIU88UVkpu.2Xhmw85dbqngOV5zJ6dxMALxcZgOBqsUYadlBHizzIrJn.NJ6P M_WEL9sx5pV95WUDF3i3tFQPi2xna5WbV5uk36r66jXz6fOg0bhG0omolN_CAeZi29ThsOR2QJmd MhZyao_laQXDUo_dcKYgtGbC2vFBZswsRfictmTaHTTaLHmqooGpN0wRp7VrbGIRPOGfjQVqH4AS 38eyg6CAGLdO.M2bPU3vYMnOqI0xYRW93oeP_T4FbP0X_s4AmZICkdN.SPch5MSCDoBmtLPnTRHf waCh1gfCZJyuNO_wOQSTpf.QeBiutX_6GS658LcrzKM0rKwGFBU9zP1Y5am8ISSamY.6Nt61Blfi uefO0vtj.YpYW6xnwndN_I3YpBEnw91oBfxzVW7Zza.Ou1pIAQtvhK0ZrameXfAEp4OmVMJ_J0XC cD6J15qmQC7mGIPP_vfpaeejbD1JEIAPqC0sA0hpRseBgVfehITdSBWLA8grh5EgME79d7rSGgyg Bf5JE_owzryDWmUWtRtiQjiZTM8s_6avu05.WAKGffKCX4zz_adgAxWa1WA2taUtchWHORRpzl2L kZrMhX4i8obpi4hz0XdcSClGUoh8L0oprKDiWjVCRHfwQGBYzGm4_eR2Ipvg2IT9lyriKrZK1ihf t714Ei7253GjCu_vlDsVckAlbTiUeqZCMrCWrD7CIZWUree_r6xVcGqEMZ.5Z8IG8L1n.bATlnM9 AMGvJLn5Dla7CGN9Easkgrtz0fqMeJlreWPg2qfZy2RU02TYmWFyBDY56L4R_Dde0C_X32J3W6w- -
Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.bf2.yahoo.com with HTTP; Tue, 24 Sep 2019 20:45:46 +0000
Received: by smtp431.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 2575ff7eaafd71349a1cd318e2efd91f; Tue, 24 Sep 2019 20:45:41 +0000 (UTC)
To: Torsten Lodderstedt <torsten@lodderstedt.net>, oauth <oauth@ietf.org>
Cc: Justin Richer <justin@bspk.io>
References: <156907504831.22964.1710780113673136607.idtracker@ietfa.amsl.com> <A82AA337-86BF-485D-901B-3A3C73C6177B@lodderstedt.net>
From: George Fletcher <gffletch@aol.com>
Organization: AOL LLC
Message-ID: <e4427073-f995-4337-ca7c-99a92c745bf2@aol.com>
Date: Tue, 24 Sep 2019 16:45:40 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <A82AA337-86BF-485D-901B-3A3C73C6177B@lodderstedt.net>
Content-Type: multipart/alternative; boundary="------------728EF9EE06198DFC9CEADCDE"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/1Dyp1CBTpEAjSMcihGFH_Qvj5sA>
Subject: Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-rar-02.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Sep 2019 20:45:50 -0000

Just two questions...

1. What is the rationale that 'data' is really an array of arbitrary 
top-level claims? I find looking at the spec and not finding a 'data' 
section a little confusing.

2. What is the rationale for sending the JSON object as a urlencoded 
JSON string rather than a base64url encoded JSON string? The later would 
likely be smaller and easier to read:)

Thanks,
George

On 9/21/19 1:51 PM, Torsten Lodderstedt wrote:
> Hi all,
>
> I just published a draft about ???OAuth 2.0 Rich Authorization Requests??? 
> (formerly known as ???structured scopes???).
>
> https://tools.ietf.org/html/draft-lodderstedt-oauth-rar-02
>
> It specifies a new parameter?????authorization_details"??that is used to 
> carry fine grained authorization data in the OAuth authorization 
> request. This mechanisms was designed based on experiences gathered in 
> the field of open banking, e.g. PSD2, and is intended to make the 
> implementation of rich and transaction oriented authorization requests 
> much easier than with current OAuth 2.0.
>
> I???m happy that Justin Richer and Brian Campbell joined me as authors 
> of this draft. We would would like to thank Daniel Fett, Sebastian 
> Ebling, Dave Tonge, Mike Jones, Nat Sakimura, and Rob Otto for their 
> valuable feedback during the preparation of this draft.
>
> We look forward to getting your feedback.
>
> kind regards,
> Torsten.
>
>> Begin forwarded message:
>>
>> *From: *internet-drafts@ietf.org <mailto:internet-drafts@ietf.org>
>> *Subject: **New Version Notification for 
>> draft-lodderstedt-oauth-rar-02.txt*
>> *Date: *21. September 2019 at 16:10:48 CEST
>> *To: *"Justin Richer" <ietf@justin.richer.org 
>> <mailto:ietf@justin.richer.org>>, "Torsten Lodderstedt" 
>> <torsten@lodderstedt.net <mailto:torsten@lodderstedt.net>>, "Brian 
>> Campbell" <bcampbell@pingidentity.com 
>> <mailto:bcampbell@pingidentity.com>>
>>
>>
>> A new version of I-D, draft-lodderstedt-oauth-rar-02.txt
>> has been successfully submitted by Torsten Lodderstedt and posted to the
>> IETF repository.
>>
>> Name:draft-lodderstedt-oauth-rar
>> Revision:02
>> Title:OAuth 2.0 Rich Authorization Requests
>> Document date:2019-09-20
>> Group:Individual Submission
>> Pages:16
>> URL: 
>> https://www.ietf.org/internet-drafts/draft-lodderstedt-oauth-rar-02.txt
>> Status: https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-rar/
>> Htmlized: https://tools.ietf.org/html/draft-lodderstedt-oauth-rar-02
>> Htmlized: 
>> https://datatracker.ietf.org/doc/html/draft-lodderstedt-oauth-rar
>> Diff: https://www.ietf.org/rfcdiff?url2=draft-lodderstedt-oauth-rar-02
>>
>> Abstract:
>> ????This document specifies a new parameter "authorization_details" that
>> ????is used to carry fine grained authorization data in the OAuth
>> ????authorization request.
>>
>>
>>
>>
>> Please note that it may take a couple of minutes from the time of 
>> submission
>> until the htmlized version and diff are available at tools.ietf.org 
>> <http://tools.ietf.org>;.
>>
>> The IETF Secretariat
>>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth