[OAUTH-WG] Adam Roach's Discuss on draft-ietf-oauth-device-flow-12: (with DISCUSS)

Adam Roach <adam@nostrum.com> Thu, 02 August 2018 00:43 UTC

From: Adam Roach <adam@nostrum.com>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-oauth-device-flow@ietf.org, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>, oauth-chairs@ietf.org, rifaat.ietf@gmail.com, oauth@ietf.org
Message-ID: <153317059661.22107.3645320244647621058.idtracker@ietfa.amsl.com>
Date: Wed, 01 Aug 2018 17:43:16 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/5rbHJH90sLWZQ3Ld8RnWQlFjLUY>
Subject: [OAUTH-WG] Adam Roach's Discuss on draft-ietf-oauth-device-flow-12: (with DISCUSS)

Adam Roach has entered the following ballot position for
draft-ietf-oauth-device-flow-12: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thanks to the authors for addressing my comments and half of my DISCUSS.
This final issue appears to remain unaddressed:

§3.1:

>  The client initiates the flow by requesting a set of verification
>  codes from the authorization server by making an HTTP "POST" request
>  to the device authorization endpoint.  The client constructs the
>  request with the following parameters, encoded with the "application/
>  x-www-form-urlencoded" content type:

This document needs a normative citation for this media type.

My suggestion would be to cite REC-html5-20141028 section 4.10.22.6, as this
appears to be the most recent stable description of how to encode this media
type. I'd love to hear rationale behind other citations being more appropriate,
since I'm not entirely happy with the one I suggest above (given that it's been
superseded by HTML 5.2); but every other plausible citation I can find is even
less palatable (with HTML 5.2 itself having the drawback of not actually
defining how to encode the media type, instead pointing to an unstable,
unversioned document).