[OAUTH-WG] Murray Kucherawy's No Objection on draft-ietf-oauth-access-token-jwt-12: (with COMMENT)

Murray Kucherawy via Datatracker <noreply@ietf.org> Thu, 08 April 2021 06:22 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: oauth@ietf.org
Delivered-To: oauth@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 910DC3A3BDC; Wed, 7 Apr 2021 23:22:21 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Murray Kucherawy via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-oauth-access-token-jwt@ietf.org, oauth-chairs@ietf.org, oauth@ietf.org, Hannes Tschofenig <hannes.tschofenig@arm.com>
X-Test-IDTracker: no
X-IETF-IDTracker: 7.27.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Murray Kucherawy <superuser@gmail.com>
Message-ID: <161786294101.28888.16150454715315694485@ietfa.amsl.com>
Date: Wed, 07 Apr 2021 23:22:21 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/6MHzG0ZvcQaqWim0_k_7BgzkWTw>
Subject: [OAUTH-WG] Murray Kucherawy's No Objection on draft-ietf-oauth-access-token-jwt-12: (with COMMENT)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Apr 2021 06:22:22 -0000

Murray Kucherawy has entered the following ballot position for
draft-ietf-oauth-access-token-jwt-12: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-access-token-jwt/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

My co-AD pretty much nailed it.   I would go further and say that her comment
about "Why is this only SHOULD?" applies to a lot of the SHOULDs in here. 
SHOULD presents a choice; why might an implementer reasonably not do any of the
SHOULD things in here?

For readability, I suggest that the three registrations packed into Section
7.2.1 be separated somehow, as right now they appear to be one continuous
bullet list.  Separate subsections would work, or even just a line of prose
before each would suffice.

The first half of the second paragraph of Section 6 seems much more like an
interoperability issue than a privacy issue to me.