Re: [OAUTH-WG] OAuth 2.0 Resource Registration draft -- FW: New Version Notification for draft-hardjono-oauth-resource-reg-00.txt

Thomas Hardjono <hardjono@MIT.EDU> Fri, 28 December 2012 00:38 UTC

From: Thomas Hardjono <hardjono@MIT.EDU>
To: "Anganes, Amanda L" <aanganes@mitre.org>, "oauth@ietf.org" <oauth@ietf.org>
Date: Fri, 28 Dec 2012 00:37:29 +0000
Message-ID: <5E393DF26B791A428E5F003BB6C5342A10CCB5F3@OC11EXPO24.exchange.mit.edu>
References: <5E393DF26B791A428E5F003BB6C5342A10CCB1D7@OC11EXPO24.exchange.mit.edu> <B61A05DAABADEA4EA2F19424825286FA1E672A51@IMCMBX04.MITRE.ORG>
In-Reply-To: <B61A05DAABADEA4EA2F19424825286FA1E672A51@IMCMBX04.MITRE.ORG>
Subject: Re: [OAUTH-WG] OAuth 2.0 Resource Registration draft -- FW: New Version Notification for draft-hardjono-oauth-resource-reg-00.txt

Thanks Amanda,

- Scope and types:  We went back and forth with regards to "scope type" and finally just used "type" with the assumption that the reader would know what we mean by it (i.e. context-dependent).  However, we're very open to going back to the previous language.

- Resource set registration: yes that sentence does read weirdly, will fix :-)

- Resource set registration API:  If Alice (the RO) has already previously registered some resources at the AS, then Alice will already have a PAT token (and the AS knows about Alice, her PAT, her resource sets and scopes). If Alice comes back again with the same PAT and forgets to specify the path component, we assume the AS is smart enough to figure out which sets Alice is referring to. Does this help? (or does it still read weirdly).

- The {rsreguri} URI component is defined but never used: hmm yes you are correct. Will fix this.


Thank you again.

cheers,

/thomas/

__________________________________________


> -----Original Message-----
> From: Anganes, Amanda L [mailto:aanganes@mitre.org]
> Sent: Thursday, December 27, 2012 4:57 PM
> To: Thomas Hardjono; oauth@ietf.org
> Subject: Re: [OAUTH-WG] OAuth 2.0 Resource Registration draft -- FW:
> New Version Notification for draft-hardjono-oauth-resource-reg-00.txt
> 
> Hi Thomas,
> 
> Here is some initial feedback.
> 
> Introduction paragraph 2:
> 
> Remove duplicate "with": "the OpenID Provider (OP) component is a
> specialized version of an OAuth authorization server that brokers
> availability of user attributes by dealing *with with* an ecosystem of
> attribute providers (APs)."
> 
> Section 1.2 Terminology:
> 
> This is more of a comment for the UMA WG in general: "scope type" is an
> unfortunate term (which appears in the UMA core draft [1] as well - if
> memory serves the term used to be just "scope" but I couldn't find a
> diff reference for when that changed). Including "type" in the term
> makes it sound like it refers to a class or kind of scope, which
> doesn't seem to be what you mean. I understand that "scope" cannot be
> used since it is already reserved by OAuth, but perhaps a better
> synonym could be found and used instead?
> 
> 2. Resource set registration
> 
> 2nd sentence reads oddly. Change from "For any of the resource owner's
> sets of resources this authorization server needs to be aware of, the
> resource server MUST register these resource sets…" to "If this
> authorization server needs to be aware of any of the resource sets, the
> resource server MUST register those resource sets…"
> 
> 2.2 Resource set descriptions
> 
> Using "scopes" to refer to sets of "scope type"s and "type" to refer to
> the class/kind of resource set this is adds to the argument above that
> "scope type" is a misleading term.
> 
> 2.3 Resource set registration API
> 
> I don't understand what this sentence means: "Without a specific
> resource set identifier path component, the URI applies to the set of
> resource set descriptions already registered." Can you clarify?
> 
> The {rsreguri} URI component is defined but never used. It looks like
> all of the "/resource_set" URIs should be prefaced with this component
> throughout the following sections?
> 
> [1] https://datatracker.ietf.org/doc/draft-hardjono-oauth-umacore/
> 
> --
> Amanda Anganes
> Info Sys Engineer, G061
> The MITRE Corporation
> 781-271-3103
> aanganes@mitre.org
> 
> 
> On 12/27/12 2:24 PM, "Thomas Hardjono" <hardjono@MIT.EDU> wrote:
> 
> >Folks,
> >
> >The OAuth 2.0 Resource Set Registration draft is essentially a generic
> >first phase of the User Managed Access (UMA) profile of OAuth2.0. This
> >allows the RO to "register" (make known) to the AS the resources he/she
> >wishes to share.
> >
> >Looking forward to comments/feedback.
> >
> >/thomas/
> >
> >__________________________________________
> >
> >
> >-----Original Message-----
> >From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> >Sent: Thursday, December 27, 2012 2:07 PM
> >To: Thomas Hardjono
> >Subject: New Version Notification for
> >draft-hardjono-oauth-resource-reg-00.txt
> >
> >
> >A new version of I-D, draft-hardjono-oauth-resource-reg-00.txt
> >has been successfully submitted by Thomas Hardjono and posted to the IETF
> >repository.
> >
> >Filename:        draft-hardjono-oauth-resource-reg
> >Revision:        00
> >Title:           OAuth 2.0 Resource Set Registration
> >Creation date:   2012-12-27
> >WG ID:           Individual Submission
> >Number of pages: 19
> >URL:
> >http://www.ietf.org/internet-drafts/draft-hardjono-oauth-resource-reg-00.txt
> >Status:
> >http://datatracker.ietf.org/doc/draft-hardjono-oauth-resource-reg
> >Htmlized:
> >http://tools.ietf.org/html/draft-hardjono-oauth-resource-reg-00
> >
> >
> >Abstract:
> >   This specification defines a resource set registration mechanism
> >   between an OAuth 2.0 authorization server and resource server.  The
> >   resource server registers information about the semantics and
> >   discovery properties of its resources with the authorization server.
> >
> >
> >
> >
> >The IETF Secretariat
> >
> >_______________________________________________
> >OAuth mailing list
> >OAuth@ietf.org
> >https://www.ietf.org/mailman/listinfo/oauth
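The registration API Amanda asks about in 2.3 and Thomas explains in his reply (the PAT tells the AS which resource owner is acting, {rsreguri}/resource_set/{rsid} addresses one resource set description, and the same URI without the identifier path component addresses the descriptions already registered under that PAT), modelled as an added toy authorization server in Python. This is an illustration written for this page, not code from the draft or from any UMA implementation; the base URI, the description field names (name, scopes, type), the JSON response shapes and the status codes are assumptions, as are the sample resource set and owner names used in the usage block.

```python
import hashlib
import secrets

# Assumed stand-in for the draft's {rsreguri} component (hypothetical host).
RSREGURI = "https://as.example/uma"
COLLECTION = RSREGURI + "/resource_set"


def validate_description(desc):
    """Return None if desc is a usable resource set description, else the reason.

    The field names follow the thread's vocabulary (name, scopes, type); the
    exact schema is an assumption for this example, not copied from the draft.
    """
    if not isinstance(desc, dict):
        return "description must be a JSON object"
    if not isinstance(desc.get("name"), str) or not desc["name"].strip():
        return "name must be a non-empty string"
    scopes = desc.get("scopes")
    if not isinstance(scopes, list) or not scopes:
        return "scopes must be a non-empty list"
    if any(not isinstance(s, str) or not s.startswith(("http://", "https://")) for s in scopes):
        return "each scope must be an absolute http(s) URI"
    if "type" in desc and not isinstance(desc["type"], str):
        return "type, when present, must be a string"
    return None


class AuthorizationServer:
    """Minimal in-memory AS exposing only the resource set registration endpoint."""

    def __init__(self):
        self._pat_owner = {}  # sha256(PAT) -> resource owner; raw PATs are never stored
        self._sets = {}       # resource owner -> {rsid: description}

    def issue_pat(self, owner):
        """Mint a PAT for the RS acting for `owner` (toy stand-in for the OAuth grant)."""
        pat = secrets.token_urlsafe(32)
        self._pat_owner[hashlib.sha256(pat.encode()).hexdigest()] = owner
        self._sets.setdefault(owner, {})
        return pat

    def _owner_from(self, headers):
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return None
        digest = hashlib.sha256(auth[len("Bearer "):].encode()).hexdigest()
        return self._pat_owner.get(digest)

    def handle(self, method, path, headers, body=None):
        """Dispatch one request to {rsreguri}/resource_set[/{rsid}]; returns (status, body)."""
        owner = self._owner_from(headers)
        if owner is None:
            return 401, {"error": "invalid_token"}
        if path == COLLECTION:
            rsid = None
        elif path.startswith(COLLECTION + "/"):
            rsid = path[len(COLLECTION) + 1:]
            if not rsid or "/" in rsid:
                return 404, {"error": "not_found"}
        else:
            return 404, {"error": "not_found"}
        sets = self._sets[owner]  # the PAT selects the owner, and so only that owner's sets

        if rsid is None:
            # No identifier component: the URI addresses everything already registered
            if method == "GET":
                return 200, sorted(sets)
            return 405, {"error": "method_not_allowed"}
        if method == "PUT":
            reason = validate_description(body)
            if reason:
                return 400, {"error": "invalid_description", "detail": reason}
            created = rsid not in sets
            sets[rsid] = dict(body)
            status = "created" if created else "updated"
            return (201 if created else 200), {"status": status, "_id": rsid}
        if method == "GET":
            return (200, sets[rsid]) if rsid in sets else (404, {"error": "not_found"})
        if method == "DELETE":
            if rsid not in sets:
                return 404, {"error": "not_found"}
            del sets[rsid]
            return 204, None
        return 405, {"error": "method_not_allowed"}


if __name__ == "__main__":
    # Constructed sample exchange: the RS registers one of Alice's resource sets,
    # then lists what is registered under her PAT.
    as_ = AuthorizationServer()
    alice_pat = as_.issue_pat("alice")
    hdrs = {"Authorization": "Bearer " + alice_pat}
    album = {"name": "Photo Album", "scopes": ["https://rs.example/scopes/view"],
             "type": "https://rs.example/types/album"}
    print(as_.handle("PUT", COLLECTION + "/photos", hdrs, album))
    print(as_.handle("GET", COLLECTION, hdrs))
```

The PAT is the only thing that ties a request to a resource owner, so the handler resolves the owner first and every later lookup is confined to that owner's table; a second owner's PAT sees an empty collection even though the same path is used. Bearer tokens are stored only as digests, so a dump of the AS table does not yield usable PATs.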