Re: [OAUTH-WG] WGLC on Pushed Authorization Requests draft

Brian Campbell <bcampbell@pingidentity.com> Tue, 18 August 2020 21:18 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22FB53A0CD9 for <oauth@ietfa.amsl.com>; Tue, 18 Aug 2020 14:18:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ocCH5PZDEuhe for <oauth@ietfa.amsl.com>; Tue, 18 Aug 2020 14:18:50 -0700 (PDT)
Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92CA93A0CDB for <oauth@ietf.org>; Tue, 18 Aug 2020 14:18:49 -0700 (PDT)
Received: by mail-lj1-x22f.google.com with SMTP id v9so23059978ljk.6 for <oauth@ietf.org>; Tue, 18 Aug 2020 14:18:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=6t3K4dET7nbkuanZ56eSP1QRWuFBpkUCLU8xSPj6jiI=; b=CgWSilec0JFptqmNASCSaN3ii1QHvvwrktN+o4nPlZ/RHZcOFGxXX5U8lddqQvo/Gf NlDh122tXase6QuPbnZ5vORwls4vwzmumPAJKjgYdTQ3Y/ZoF6uK0JBOc7TvrekcPvG8 SdOIoSIbsK4J878VB0MDzBSoX9Rc/Jj1MNBFjNNY3WWTqUr9XArtSYf75KFZDhW7oQQg ghqIbZcZV1WENqEqc7KVKpsTYtOSMmEuuoDQjFL4l5AQ3Av9Tp9C9JKPDLjWrfcqb/rU 9ZLb5knZyFTQyev8qmZICpsEhw/u1hoKfYXta2QYnDnf0YrodzhNbjK902PABlDhXkg4 lIBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6t3K4dET7nbkuanZ56eSP1QRWuFBpkUCLU8xSPj6jiI=; b=Q5DeNR4bVZLxKwfNa5o5fUfcVHm/di0WOf8xSllkzpL4/SUQrQ8FkC2NgoyJNwiCng gQaNxK5hMpgyoqiatzK1SN0Dk71KQRPkcwbe+ITBi+1AiZoh7/LHLAqXANRnimFekLn7 Cm0RYO9NkSMSsblsBWYlXFcsvP1OhJJIJcQ38CivK91KdDp9UZdLkeJYCb3ukc0AiqR0 ZFjI0+oeX5EJNSZtYJ1yU7HJgWAOXiWcGe5UBReUKM8CNE4ohwKJhmwG+LtNQw/sLP5e m+wyNG0ZcydmQF0Hmy0/QnvGaqpZIxx6m3gliHlH/QKBzMoT5ElgubysXjh9nuRHU4v3 QUiQ==
X-Gm-Message-State: AOAM531yJweeA9GrwdX51fVXXcxhefq6PneYxGGsPhfEPL744tQpqgEo +/AErUf6xsIT0sGlM+S1OzpcYcp0E2D9r7LnG/CJ6Plt1aeaTVd1sKxFsk/qIT25G1MA8iI5dDB xs/5kRZCUnoNhKsrgs5xcPQ==
X-Google-Smtp-Source: ABdhPJxeC7aP6Rw8Kv0ykgtO9ZAawmbh7bRW/4vtnZbby/SzcXFq0oMSq9t1j7e1ayxkZ7V8pC4xyB3amg3LxK9TwEk=
X-Received: by 2002:a2e:968c:: with SMTP id q12mr11329356lji.345.1597785527575; Tue, 18 Aug 2020 14:18:47 -0700 (PDT)
MIME-Version: 1.0
References: <CADNypP8QkcjcMpfug-GnbTP1ODUu+LgrSx-MTjVeQztbivGbhA@mail.gmail.com> <334EDEFB-AE33-4A19-9F2F-4C8158597C5C@authlete.com>
In-Reply-To: <334EDEFB-AE33-4A19-9F2F-4C8158597C5C@authlete.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 18 Aug 2020 15:18:21 -0600
Message-ID: <CA+k3eCSyHx5aABheB6g9wAWrX5m6sj76Qry_0yj4gpWFGRvO=g@mail.gmail.com>
To: Joseph Heenan <joseph@authlete.com>
Cc: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000cc85bc05ad2d6ea9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/6eBBW7VRcc1n3FXc_7w6WRoQe98>
Subject: Re: [OAUTH-WG] WGLC on Pushed Authorization Requests draft
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Aug 2020 21:18:52 -0000

Thanks Joseph. We'll get those niggles addressed. And it's great to hear
the positive implementation and testing info.

On Wed, Aug 12, 2020 at 6:08 PM Joseph Heenan <joseph@authlete.com> wrote:

> Thanks Rifaat, Hannes, and also thanks to all the authors.
>
> I’ve been through the latest spec and it basically looks great to me; I
> raised 3 minor niggles under
> https://github.com/oauthstuff/draft-oauth-par/issues
>
> https://github.com/oauthstuff/draft-oauth-par/issues/59 - possible
> ambiguity in the text around error responses from new endpoint
>
> https://github.com/oauthstuff/draft-oauth-par/issues/62 &
> https://github.com/oauthstuff/draft-oauth-par/issues/63 - minor
> typographical points
>
>
> For info, Authlete has at least one deployed implementation of this spec.
>
> Authlete has also assisted in getting tests for PAR added to the Open ID
> Foundation FAPI Certification test suite for Authorization Servers, and
> (although there’s still a few niggles in the tests to work out) the tests
> seem to interoperate with Authlete, Filip’s node-oidc-provider and a Ping
> implementation fine. (Many thanks to Filip & Ping for testing them! If
> anyone else would like to try them please let me know.)
>
> Thanks
>
> Joseph
>
>
> On 11 Aug 2020, at 23:07, Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
> wrote:
>
> All,
>
> This is a WGLC on the *Pushed Authorization Requests *document:
> https://www.ietf.org/id/draft-ietf-oauth-par-03.html
>
> Please, take a look and provide feedback on the list by *August 25th.*
>
> Regards,
>  Rifaat & Hannes
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._