Re: [OAUTH-WG] Pete Resnick's No Objection on draft-ietf-oauth-assertions-17: (with COMMENT)

Pete Resnick <presnick@qti.qualcomm.com> Thu, 16 October 2014 02:30 UTC

Message-ID: <543F2DC2.1050300@qti.qualcomm.com>
Date: Wed, 15 Oct 2014 21:30:26 -0500
From: Pete Resnick <presnick@qti.qualcomm.com>
To: Brian Campbell <bcampbell@pingidentity.com>
References: <20141014204213.15568.37128.idtracker@ietfa.amsl.com> <CA+k3eCQmM27m4XPsCQu+GeRGiE6ppQiv8vB3KpnWhAYXpmOV7Q@mail.gmail.com>
In-Reply-To: <CA+k3eCQmM27m4XPsCQu+GeRGiE6ppQiv8vB3KpnWhAYXpmOV7Q@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/36ruP6SQGEDBLY8WwwvVdUEgGzs
Cc: "draft-ietf-oauth-assertions@tools.ietf.org" <draft-ietf-oauth-assertions@tools.ietf.org>, "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>, The IESG <iesg@ietf.org>, oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Pete Resnick's No Objection on draft-ietf-oauth-assertions-17: (with COMMENT)

On 10/15/14 6:06 PM, Brian Campbell wrote:
> Thanks for your review and feedback, Pete. Replies are inline below...

Thanks for addressing the comments, including Barry's follow-up. Just on 
the questions:

> On Tue, Oct 14, 2014 at 2:42 PM, Pete Resnick 
> <presnick@qti.qualcomm.com <mailto:presnick@qti.qualcomm.com>> wrote:
>
>         scope
>         [...]
>           As such, the requested scope MUST be equal or lesser than the scope
>           originally granted to the authorized accessor.
>
>     s/MUST/will (unless you explain whether it's the server or the client
>     that's supposed to be obeying that MUST, and for what reason)
>
>
> They are both supposed to obey it - the client shouldn't ask for more 
> and the server will reject the request, if it does.
>
> Is "will" more appropriate than "MUST" here? Or maybe a non-2119 "should"?

Ah, so you're saying that a client could conceivably (either purposely 
or accidentally) try to sneak through a larger scope than it should, and 
the client MUST NOT do that, and the server MUST reject if it gets one. 
OK, that makes sense. (I do tend to like active MUSTs -- the foo MUST do 
X or the bar MUST NOT do Y -- but this is probably OK as is.)

>     Here and throughout: s/non-normative example/example (As far as I
>     know,
>     there are no other kinds in IETF documents.)
>
>
> I thought I picked that language up from some other draft or RFC but 
> I'm now not sure where it came from and can't easily find other 
> examples of the same thing.  So I am happy to remove the 
> "non-normative" throughout, if it is already understood and/or not 
> customary to say so.

Yeah, we've seen other RFCs with such language. I've whined about it in 
the past. Some authors roll their eyes at me. You are welcome to roll 
your eyes if you like, but I find such text silly. :-)

Thanks for the rest of the planned changes. Looks good.

pr

-- 
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478
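The scope rule the thread settles on (the client MUST NOT ask for more than was originally granted, and the server MUST reject if it does) as an added server-side check; this is example code, not the draft's text or any implementation's code, and the function names, the RFC 6749 style space-delimited scope strings and the sample values are constructed for illustration.

```python
# Server-side enforcement of the assertion-grant scope rule: the scope a
# client requests may be equal to or a subset of the scope originally
# granted, never larger.  Added example, not code from the draft.

def parse_scope(scope):
    """Split a space-delimited OAuth scope string into a set of tokens.

    RFC 6749 scope tokens are case-sensitive and separated by single spaces;
    repeated tokens and stray whitespace are collapsed here.
    """
    if scope is None:
        return set()
    return {s for s in scope.split(" ") if s}


def check_requested_scope(requested, granted):
    """Return (allowed, effective_scope, excess_tokens).

    `requested` is the scope parameter on the token request (None if absent);
    `granted` is the scope originally granted to the authorized accessor.
    """
    granted_set = parse_scope(granted)
    if requested is None:
        # Assumption for this example: an omitted scope parameter falls back
        # to the scope originally granted rather than being rejected.
        return True, sorted(granted_set), []
    requested_set = parse_scope(requested)
    # Anything requested that was not granted is excess; comparison is
    # case-sensitive, so "Read" is not "read".
    excess = sorted(requested_set - granted_set)
    if excess:
        return False, [], excess
    return True, sorted(requested_set), []


def token_response_for(requested, granted):
    """Build the scope-related part of a token response or error.

    A request exceeding the grant is rejected with invalid_scope (RFC 6749
    section 5.2) instead of being silently narrowed, so a client that tries
    to sneak through a larger scope, on purpose or by accident, gets an
    explicit error.
    """
    allowed, scope, excess = check_requested_scope(requested, granted)
    if not allowed:
        return {"error": "invalid_scope",
                "error_description": "requested scope exceeds granted scope: "
                                     + " ".join(excess)}
    return {"scope": " ".join(scope)}
```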