Re: [OAUTH-WG] Adam Roach's No Objection on draft-ietf-oauth-resource-indicators-05: (with COMMENT)

Barry Leiba <> Thu, 05 September 2019 21:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7CC68120B2B; Thu, 5 Sep 2019 14:01:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id HQDukBN-vAa7; Thu, 5 Sep 2019 14:01:49 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7156D120900; Thu, 5 Sep 2019 14:01:49 -0700 (PDT)
Received: by with SMTP id j4so7933665iog.11; Thu, 05 Sep 2019 14:01:49 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=3dXAqN7nY+oK8cMWiHe9AJ+jyiVc6/lnIYiDfwy2Vzc=; b=ZGRF3ypxsfN6a0tHZPg09HplHdNgCQ0NclUKXATQsYG9jocB5uMkXiE6FMS3A2uEnq xhFiqvI0L67ayWpyo5Q9gb7vbTRZu6pdJHYLA1+XAMAo1JaXthqHxvdjbiLqb4G2UBtY e3KHG37+FYfu9F0lMa1d2YvEIJScxL8EwE2LD+MbkliO5F11DH5Q7vpKO6xF4PVV7IDB wOoyNElDUkEjyFrXTS1XWA4E+Fm3hpv7YNRkEjVCl8tGSPK91ccZHQhLtQ9cpO6xJrvq ujH8PIaRb4MI9nGQILCJuYuad86TF0orb7Gt+nPREVlqsodfibfmxxwrGgsPT9L8wzdR kFzA==
X-Gm-Message-State: APjAAAVggucfQ3ooia/J3BhgGGf0ef1887meWBZkvqJt82Lhq1zIMorQ HQoARoopKm8YE8vST9G0WmVFsOLo2ONAyUJ1v8g=
X-Google-Smtp-Source: APXvYqxpH28KTcOJ2ZYIF3LFOEFf+SG8kBpE0s75X1Go9L0+Bt7O5vsxH6fpfpo8Cs5LHf7V649UwhFWdZrg3KRg9NQ=
X-Received: by 2002:a6b:7709:: with SMTP id n9mr947838iom.187.1567717308381; Thu, 05 Sep 2019 14:01:48 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <> <> <>
In-Reply-To: <>
From: Barry Leiba <>
Date: Thu, 05 Sep 2019 17:01:36 -0400
Message-ID: <>
To: Brian Campbell <>
Cc: Adam Roach <>,,, The IESG <>, oauth <>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [OAUTH-WG] Adam Roach's No Objection on draft-ietf-oauth-resource-indicators-05: (with COMMENT)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 05 Sep 2019 21:01:51 -0000

Thanks, Brian.  I hope Adam is happy with that as well.


On Thu, Sep 5, 2019 at 3:01 PM Brian Campbell
<> wrote:
> I went ahead with this in -07.
> On Wed, Sep 4, 2019 at 3:07 PM Brian Campbell <> wrote:
>> Thanks Barry, I kinda like it. Although I'm a bit hesitant to make a change like that at this stage. I guess I'd be looking for a little more buy-in from folks first. Though it's not actually a functional breaking change. So maybe okay to just go with.
>> On Wed, Sep 4, 2019 at 2:54 PM Barry Leiba <> wrote:
>>> > Yeah, with query parameters lacking the hierarchical semantics that the path component has, it is much less clear. In fact, an earlier revision of the draft forbid the query part as I was trying to avoid the ambiguity that it brings. But there were enough folks with some use case for it that it made its way back in. While I am sympathetic to the point you're making here, I'd prefer to not codify the practice any further by way of example in the document.
>>> Is it perhaps reasonable to discourage the use of a query component
>>> while still allowing it?  Maybe a "SHOULD NOT", such as this?:
>>> OLD
>>>       Its value MUST be an absolute URI, as specified by
>>>       Section 4.3 of [RFC3986], which MAY include a query component but
>>>       MUST NOT include a fragment component.
>>> NEW
>>>       Its value MUST be an absolute URI, as specified by
>>>       Section 4.3 of [RFC3986].  The URI MUST NOT include
>>>       a fragment component.  It SHOULD NOT include a query
>>>       component, but it is recognized that there are cases that
>>>       make a query component useful.
>>> END
>>> What do you think?
>>> Barry
> CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.