Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-rar-02.txt
George Fletcher <gffletch@aol.com> Tue, 24 September 2019 20:45 UTC
Return-Path: <gffletch@aol.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D72A412004E for <oauth@ietfa.amsl.com>; Tue, 24 Sep 2019 13:45:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=aol.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id reTsKRTgxeGk for <oauth@ietfa.amsl.com>; Tue, 24 Sep 2019 13:45:47 -0700 (PDT)
Received: from sonic317-26.consmr.mail.bf2.yahoo.com (sonic317-26.consmr.mail.bf2.yahoo.com [74.6.129.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FB38120058 for <oauth@ietf.org>; Tue, 24 Sep 2019 13:45:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aol.com; s=a2048; t=1569357946; bh=W11yn813CCvWx8luLxsxoPTxLop6St02vKyqRoNRK6w=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=Ili7xtdDPdh44JZGHVH1ZcSTcpE0uOyv/Mw2uYTVWs+g2lqmKL1GsLnqXSHQSGnXvLX5F/A8PY28b7DEpSf203r66ofZv0VKkKC7u/wRVS64BMCYsoRsGnxKt+IkRWyjlTC568msYGRHhpqKfyIgnzYy1s/yaKU+sKgd1XSthMHitaZ8Q0paHlOauN7MNCfJ9y6KiyTE+QsFcT4A/qVMLz3Q8/F20kfMAP7MyC0IxyiSPp1IMEm7XPqNunDPz4sl5SbjjX0E3MOBPfrjt/hQsHk+dcwtX80RjRYk9X4pRK8jJtW0Q/ff1iyWOLRgDQjhNy7ejmCI3rT0/XeEMkqAAw==
X-YMail-OSG: xwATUbUVM1nQnBtim2DAt6rVYxD7ckRYj.fPx.c_3LX827ooZ_9vSzvsj6IhoUZ Ei2jIFe2gBT38XUckzaj_elCz8J48UtubPBgvVPs98xn355LWU2fS4AwhVwE_ps2bK1DJhUwBiPM v8IKir2AdN6k02BAwaMYqvB3ny1UMYU16k7xGO5QWmbn0mHEpi6.A6DO2TXJLmGYUYXjKpbd0SGm 2Gyzq7xmYwMHlA9IjFcN8d6nkpyXoMIiUN.Cspy5KIXWCz8cRwMl6MNCaIyWmPCxxSjIuGnhxXpa P2ESmaD6ix6dwfLRMUgjvT4IPIK7lKrR.NLVs3Uoh4Gg6a8X3VjtL0267Lwb_KCdsT8VsEFmUixG C5cB.afAmMOYXym9ywmEoxgSJIdro2HbW09EN.chUBUKAnSAbHCiGZAH3dUh3hJ6jNGpHEohFGbN JOMEeuHh6V8KBvzrVkwEVQghDd_FpDAUhxRREaKnEIG83OuhoPvepFfr3UZshKcKqSpwmbLOaWvQ NPpuxKV13W34Q6kwIU88UVkpu.2Xhmw85dbqngOV5zJ6dxMALxcZgOBqsUYadlBHizzIrJn.NJ6P M_WEL9sx5pV95WUDF3i3tFQPi2xna5WbV5uk36r66jXz6fOg0bhG0omolN_CAeZi29ThsOR2QJmd MhZyao_laQXDUo_dcKYgtGbC2vFBZswsRfictmTaHTTaLHmqooGpN0wRp7VrbGIRPOGfjQVqH4AS 38eyg6CAGLdO.M2bPU3vYMnOqI0xYRW93oeP_T4FbP0X_s4AmZICkdN.SPch5MSCDoBmtLPnTRHf waCh1gfCZJyuNO_wOQSTpf.QeBiutX_6GS658LcrzKM0rKwGFBU9zP1Y5am8ISSamY.6Nt61Blfi uefO0vtj.YpYW6xnwndN_I3YpBEnw91oBfxzVW7Zza.Ou1pIAQtvhK0ZrameXfAEp4OmVMJ_J0XC cD6J15qmQC7mGIPP_vfpaeejbD1JEIAPqC0sA0hpRseBgVfehITdSBWLA8grh5EgME79d7rSGgyg Bf5JE_owzryDWmUWtRtiQjiZTM8s_6avu05.WAKGffKCX4zz_adgAxWa1WA2taUtchWHORRpzl2L kZrMhX4i8obpi4hz0XdcSClGUoh8L0oprKDiWjVCRHfwQGBYzGm4_eR2Ipvg2IT9lyriKrZK1ihf t714Ei7253GjCu_vlDsVckAlbTiUeqZCMrCWrD7CIZWUree_r6xVcGqEMZ.5Z8IG8L1n.bATlnM9 AMGvJLn5Dla7CGN9Easkgrtz0fqMeJlreWPg2qfZy2RU02TYmWFyBDY56L4R_Dde0C_X32J3W6w- -
Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.bf2.yahoo.com with HTTP; Tue, 24 Sep 2019 20:45:46 +0000
Received: by smtp431.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 2575ff7eaafd71349a1cd318e2efd91f; Tue, 24 Sep 2019 20:45:41 +0000 (UTC)
To: Torsten Lodderstedt <torsten@lodderstedt.net>, oauth <oauth@ietf.org>
Cc: Justin Richer <justin@bspk.io>
References: <156907504831.22964.1710780113673136607.idtracker@ietfa.amsl.com> <A82AA337-86BF-485D-901B-3A3C73C6177B@lodderstedt.net>
From: George Fletcher <gffletch@aol.com>
Organization: AOL LLC
Message-ID: <e4427073-f995-4337-ca7c-99a92c745bf2@aol.com>
Date: Tue, 24 Sep 2019 16:45:40 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <A82AA337-86BF-485D-901B-3A3C73C6177B@lodderstedt.net>
Content-Type: multipart/alternative; boundary="------------728EF9EE06198DFC9CEADCDE"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/1Dyp1CBTpEAjSMcihGFH_Qvj5sA>
Subject: Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-rar-02.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Sep 2019 20:45:50 -0000
Just two questions... 1. What is the rationale that 'data' is really an array of arbitrary top-level claims? I find looking at the spec and not finding a 'data' section a little confusing. 2. What is the rationale for sending the JSON object as a urlencoded JSON string rather than a base64url encoded JSON string? The later would likely be smaller and easier to read:) Thanks, George On 9/21/19 1:51 PM, Torsten Lodderstedt wrote: > Hi all, > > I just published a draft about ???OAuth 2.0 Rich Authorization Requests??? > (formerly known as ???structured scopes???). > > https://tools.ietf.org/html/draft-lodderstedt-oauth-rar-02 > > It specifies a new parameter?????authorization_details"??that is used to > carry fine grained authorization data in the OAuth authorization > request. This mechanisms was designed based on experiences gathered in > the field of open banking, e.g. PSD2, and is intended to make the > implementation of rich and transaction oriented authorization requests > much easier than with current OAuth 2.0. > > I???m happy that Justin Richer and Brian Campbell joined me as authors > of this draft. We would would like to thank Daniel Fett, Sebastian > Ebling, Dave Tonge, Mike Jones, Nat Sakimura, and Rob Otto for their > valuable feedback during the preparation of this draft. > > We look forward to getting your feedback. > > kind regards, > Torsten. > >> Begin forwarded message: >> >> *From: *internet-drafts@ietf.org <mailto:internet-drafts@ietf.org> >> *Subject: **New Version Notification for >> draft-lodderstedt-oauth-rar-02.txt* >> *Date: *21. September 2019 at 16:10:48 CEST >> *To: *"Justin Richer" <ietf@justin.richer.org >> <mailto:ietf@justin.richer.org>>, "Torsten Lodderstedt" >> <torsten@lodderstedt.net <mailto:torsten@lodderstedt.net>>, "Brian >> Campbell" <bcampbell@pingidentity.com >> <mailto:bcampbell@pingidentity.com>> >> >> >> A new version of I-D, draft-lodderstedt-oauth-rar-02.txt >> has been successfully submitted by Torsten Lodderstedt and posted to the >> IETF repository. >> >> Name:draft-lodderstedt-oauth-rar >> Revision:02 >> Title:OAuth 2.0 Rich Authorization Requests >> Document date:2019-09-20 >> Group:Individual Submission >> Pages:16 >> URL: >> https://www.ietf.org/internet-drafts/draft-lodderstedt-oauth-rar-02.txt >> Status: https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-rar/ >> Htmlized: https://tools.ietf.org/html/draft-lodderstedt-oauth-rar-02 >> Htmlized: >> https://datatracker.ietf.org/doc/html/draft-lodderstedt-oauth-rar >> Diff: https://www.ietf.org/rfcdiff?url2=draft-lodderstedt-oauth-rar-02 >> >> Abstract: >> ????This document specifies a new parameter "authorization_details" that >> ????is used to carry fine grained authorization data in the OAuth >> ????authorization request. >> >> >> >> >> Please note that it may take a couple of minutes from the time of >> submission >> until the htmlized version and diff are available at tools.ietf.org >> <http://tools.ietf.org>. >> >> The IETF Secretariat >> > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Fwd: New Version Notification for draf… Torsten Lodderstedt
- Re: [OAUTH-WG] Fwd: New Version Notification for … Janak Amarasena
- Re: [OAUTH-WG] New Version Notification for draft… Torsten Lodderstedt
- Re: [OAUTH-WG] Fwd: New Version Notification for … George Fletcher
- Re: [OAUTH-WG] Fwd: New Version Notification for … Justin Richer
- Re: [OAUTH-WG] Fwd: New Version Notification for … Aaron Parecki
- Re: [OAUTH-WG] Fwd: New Version Notification for … George Fletcher
- Re: [OAUTH-WG] Fwd: New Version Notification for … Justin Richer
- Re: [OAUTH-WG] Fwd: New Version Notification for … Aaron Parecki
- Re: [OAUTH-WG] Fwd: New Version Notification for … Brian Campbell
- Re: [OAUTH-WG] New Version Notification for draft… Justin Richer
- Re: [OAUTH-WG] New Version Notification for draft… Brian Campbell
- Re: [OAUTH-WG] Fwd: New Version Notification for … Torsten Lodderstedt
- Re: [OAUTH-WG] New Version Notification for draft… George Fletcher
- Re: [OAUTH-WG] New Version Notification for draft… Torsten Lodderstedt
- Re: [OAUTH-WG] New Version Notification for draft… Justin Richer