Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D72A412004E for ; Tue, 24 Sep 2019 13:45:49 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=aol.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id reTsKRTgxeGk for ; Tue, 24 Sep 2019 13:45:47 -0700 (PDT) Received: from sonic317-26.consmr.mail.bf2.yahoo.com (sonic317-26.consmr.mail.bf2.yahoo.com [74.6.129.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FB38120058 for ; Tue, 24 Sep 2019 13:45:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aol.com; s=a2048; t=1569357946; bh=W11yn813CCvWx8luLxsxoPTxLop6St02vKyqRoNRK6w=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=Ili7xtdDPdh44JZGHVH1ZcSTcpE0uOyv/Mw2uYTVWs+g2lqmKL1GsLnqXSHQSGnXvLX5F/A8PY28b7DEpSf203r66ofZv0VKkKC7u/wRVS64BMCYsoRsGnxKt+IkRWyjlTC568msYGRHhpqKfyIgnzYy1s/yaKU+sKgd1XSthMHitaZ8Q0paHlOauN7MNCfJ9y6KiyTE+QsFcT4A/qVMLz3Q8/F20kfMAP7MyC0IxyiSPp1IMEm7XPqNunDPz4sl5SbjjX0E3MOBPfrjt/hQsHk+dcwtX80RjRYk9X4pRK8jJtW0Q/ff1iyWOLRgDQjhNy7ejmCI3rT0/XeEMkqAAw== X-YMail-OSG: xwATUbUVM1nQnBtim2DAt6rVYxD7ckRYj.fPx.c_3LX827ooZ_9vSzvsj6IhoUZ Ei2jIFe2gBT38XUckzaj_elCz8J48UtubPBgvVPs98xn355LWU2fS4AwhVwE_ps2bK1DJhUwBiPM v8IKir2AdN6k02BAwaMYqvB3ny1UMYU16k7xGO5QWmbn0mHEpi6.A6DO2TXJLmGYUYXjKpbd0SGm 2Gyzq7xmYwMHlA9IjFcN8d6nkpyXoMIiUN.Cspy5KIXWCz8cRwMl6MNCaIyWmPCxxSjIuGnhxXpa P2ESmaD6ix6dwfLRMUgjvT4IPIK7lKrR.NLVs3Uoh4Gg6a8X3VjtL0267Lwb_KCdsT8VsEFmUixG C5cB.afAmMOYXym9ywmEoxgSJIdro2HbW09EN.chUBUKAnSAbHCiGZAH3dUh3hJ6jNGpHEohFGbN JOMEeuHh6V8KBvzrVkwEVQghDd_FpDAUhxRREaKnEIG83OuhoPvepFfr3UZshKcKqSpwmbLOaWvQ NPpuxKV13W34Q6kwIU88UVkpu.2Xhmw85dbqngOV5zJ6dxMALxcZgOBqsUYadlBHizzIrJn.NJ6P M_WEL9sx5pV95WUDF3i3tFQPi2xna5WbV5uk36r66jXz6fOg0bhG0omolN_CAeZi29ThsOR2QJmd MhZyao_laQXDUo_dcKYgtGbC2vFBZswsRfictmTaHTTaLHmqooGpN0wRp7VrbGIRPOGfjQVqH4AS 38eyg6CAGLdO.M2bPU3vYMnOqI0xYRW93oeP_T4FbP0X_s4AmZICkdN.SPch5MSCDoBmtLPnTRHf waCh1gfCZJyuNO_wOQSTpf.QeBiutX_6GS658LcrzKM0rKwGFBU9zP1Y5am8ISSamY.6Nt61Blfi uefO0vtj.YpYW6xnwndN_I3YpBEnw91oBfxzVW7Zza.Ou1pIAQtvhK0ZrameXfAEp4OmVMJ_J0XC cD6J15qmQC7mGIPP_vfpaeejbD1JEIAPqC0sA0hpRseBgVfehITdSBWLA8grh5EgME79d7rSGgyg Bf5JE_owzryDWmUWtRtiQjiZTM8s_6avu05.WAKGffKCX4zz_adgAxWa1WA2taUtchWHORRpzl2L kZrMhX4i8obpi4hz0XdcSClGUoh8L0oprKDiWjVCRHfwQGBYzGm4_eR2Ipvg2IT9lyriKrZK1ihf t714Ei7253GjCu_vlDsVckAlbTiUeqZCMrCWrD7CIZWUree_r6xVcGqEMZ.5Z8IG8L1n.bATlnM9 AMGvJLn5Dla7CGN9Easkgrtz0fqMeJlreWPg2qfZy2RU02TYmWFyBDY56L4R_Dde0C_X32J3W6w- - Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.bf2.yahoo.com with HTTP; Tue, 24 Sep 2019 20:45:46 +0000 Received: by smtp431.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 2575ff7eaafd71349a1cd318e2efd91f; Tue, 24 Sep 2019 20:45:41 +0000 (UTC) To: Torsten Lodderstedt , oauth Cc: Justin Richer References: <156907504831.22964.1710780113673136607.idtracker@ietfa.amsl.com> From: George Fletcher Organization: AOL LLC Message-ID: Date: Tue, 24 Sep 2019 16:45:40 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------728EF9EE06198DFC9CEADCDE" Content-Language: en-US Archived-At: Subject: Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-rar-02.txt X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Sep 2019 20:45:50 -0000 This is a multi-part message in MIME format. --------------728EF9EE06198DFC9CEADCDE Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Just two questions... 1. What is the rationale that 'data' is really an array of arbitrary top-level claims? I find looking at the spec and not finding a 'data' section a little confusing. 2. What is the rationale for sending the JSON object as a urlencoded JSON string rather than a base64url encoded JSON string? The later would likely be smaller and easier to read:) Thanks, George On 9/21/19 1:51 PM, Torsten Lodderstedt wrote: > Hi all, > > I just published a draft about ???OAuth 2.0 Rich Authorization Requests??? > (formerly known as ???structured scopes???). > > https://tools.ietf.org/html/draft-lodderstedt-oauth-rar-02 > > It specifies a new parameter?????authorization_details"??that is used to > carry fine grained authorization data in the OAuth authorization > request. This mechanisms was designed based on experiences gathered in > the field of open banking, e.g. PSD2, and is intended to make the > implementation of rich and transaction oriented authorization requests > much easier than with current OAuth 2.0. > > I???m happy that Justin Richer and Brian Campbell joined me as authors > of this draft. We would would like to thank Daniel Fett, Sebastian > Ebling, Dave Tonge, Mike Jones, Nat Sakimura, and Rob Otto for their > valuable feedback during the preparation of this draft. > > We look forward to getting your feedback. > > kind regards, > Torsten. > >> Begin forwarded message: >> >> *From: *internet-drafts@ietf.org >> *Subject: **New Version Notification for >> draft-lodderstedt-oauth-rar-02.txt* >> *Date: *21. September 2019 at 16:10:48 CEST >> *To: *"Justin Richer" > >, "Torsten Lodderstedt" >> >, "Brian >> Campbell" > > >> >> >> A new version of I-D, draft-lodderstedt-oauth-rar-02.txt >> has been successfully submitted by Torsten Lodderstedt and posted to the >> IETF repository. >> >> Name:draft-lodderstedt-oauth-rar >> Revision:02 >> Title:OAuth 2.0 Rich Authorization Requests >> Document date:2019-09-20 >> Group:Individual Submission >> Pages:16 >> URL: >> https://www.ietf.org/internet-drafts/draft-lodderstedt-oauth-rar-02.txt >> Status: https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-rar/ >> Htmlized: https://tools.ietf.org/html/draft-lodderstedt-oauth-rar-02 >> Htmlized: >> https://datatracker.ietf.org/doc/html/draft-lodderstedt-oauth-rar >> Diff: https://www.ietf.org/rfcdiff?url2=draft-lodderstedt-oauth-rar-02 >> >> Abstract: >> ????This document specifies a new parameter "authorization_details" that >> ????is used to carry fine grained authorization data in the OAuth >> ????authorization request. >> >> >> >> >> Please note that it may take a couple of minutes from the time of >> submission >> until the htmlized version and diff are available at tools.ietf.org >> . >> >> The IETF Secretariat >> > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth --------------728EF9EE06198DFC9CEADCDE Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit Just two questions...

1. What is the rationale that 'data' is really an array of arbitrary top-level claims? I find looking at the spec and not finding a 'data' section a little confusing.

2. What is the rationale for sending the JSON object as a urlencoded JSON string rather than a base64url encoded JSON string? The later would likely be smaller and easier to read:)

Thanks,
George

On 9/21/19 1:51 PM, Torsten Lodderstedt wrote:
Hi all,??

I just published a draft about ???OAuth 2.0 Rich Authorization Requests??? (formerly known as ???structured scopes???).??


It specifies a new parameter?????authorization_details"??that is used to carry fine grained authorization data in the OAuth authorization request. This mechanisms was designed based on experiences gathered in the field of open banking, e.g. PSD2, and is intended to make the implementation of rich and transaction oriented authorization requests much easier than with current OAuth 2.0.

I???m happy that Justin Richer and Brian Campbell joined me as authors of this draft. We would would like to thank Daniel Fett, Sebastian Ebling, Dave Tonge, Mike Jones, Nat Sakimura, and Rob Otto for their valuable feedback during the preparation of this draft.

We look forward to getting your feedback.??

kind regards,
Torsten.??

Begin forwarded message:

Subject: New Version Notification for draft-lodderstedt-oauth-rar-02.txt
Date: 21. September 2019 at 16:10:48 CEST
To: "Justin Richer" <ietf@justin.richer.org>, "Torsten Lodderstedt" <torsten@lodderstedt.net>, "Brian Campbell" <bcampbell@pingidentity.com>


A new version of I-D, draft-lodderstedt-oauth-rar-02.txt
has been successfully submitted by Torsten Lodderstedt and posted to the
IETF repository.

Name: draft-lodderstedt-oauth-rar
Revision: 02
Title: OAuth 2.0 Rich Authorization Requests
Document date: 2019-09-20
Group: Individual Submission
Pages: 16
URL: ??????????????????????https://www.ietf.org/internet-drafts/draft-lodderstedt-oauth-rar-02.txt
Status: ????????????????https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-rar/
Htmlized: ????????????https://tools.ietf.org/html/draft-lodderstedt-oauth-rar-02
Htmlized: ????????????https://datatracker.ietf.org/doc/html/draft-lodderstedt-oauth-rar
Diff: ????????????????????https://www.ietf.org/rfcdiff?url2=draft-lodderstedt-oauth-rar-02

Abstract:
????This document specifies a new parameter "authorization_details" that
????is used to carry fine grained authorization data in the OAuth
????authorization request.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

--------------728EF9EE06198DFC9CEADCDE--