Re: [OAUTH-WG] Privacy Considerations section in OAuth 2.1?

Filip Skokan <panva.ip@gmail.com> Mon, 10 August 2020 17:47 UTC

Cc: Dick Hardt <dick.hardt@gmail.com>, OAuth WG <oauth@ietf.org>
To: Aaron Parecki <aaron@parecki.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/47tSxco1vlhPG990hE0GdEpGqtg>

I don’t think there’s anything new introduced in PAR that would alter the existing status quo of privacy considerations. As such, if a privacy consideration was to be added for completeness, it should be along the lines of “this document does not expand on or otherwise alter the privacy considerations” or “there are no new privacy considerations introduced by this document”.

Filip

Sent from iPhone

> On 10. 8. 2020 at 19:21, Aaron Parecki <aaron@parecki.com> wrote:
> 
> 
> I agree that there is nothing unique to PAR that would justify adding the privacy considerations mentioned to that draft. I wouldn't oppose adding a privacy considerations section to OAuth 2.1 though.
> 
> Aaron
> 
> 
>> On Mon, Aug 10, 2020 at 9:42 AM Dick Hardt <dick.hardt@gmail.com> wrote:
>> In the PAR meeting today, Denis requested there be a privacy considerations section in PAR. I don't think there is anything specific in PAR that would change the privacy considerations of OAuth, and am checking if there is WG interest, and consensus, on including a Privacy Considerations section in the OAuth 2.1 draft.
>> 
>> /Dick