Re: [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-18.txt

Alexey Melnikov <alexey.melnikov@isode.com> Thu, 12 April 2012 11:21 UTC

Date: Thu, 12 Apr 2012 12:22:17 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: General Area Review Team <gen-art@ietf.org>, Russ Housley <housley@vigilsec.com>, "oauth@ietf.org" <oauth@ietf.org>, "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, The IESG <iesg@ietf.org>

On 11/04/2012 01:25, Mike Jones wrote:
> Hi Alexey,
Hi Mike,
I've dropped issue 2; Sean took charge of discussing it with the IESG.
> About your issue 1:  The OAuth Core spec, where "scope" is primarily defined, includes the sentence "The [scope] strings are defined by the authorization server" (see http://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-3.3).  I could add that clarification to the Bearer spec as well to make it clear that the scope values are context-dependent, if that would address your concern.
Yes, but only partially. I would also like to see a clear statement that 
there is no centralized registry for scope values, plus some examples 
(more than 1) of what values of this attribute can look like.

Without this information I don't think the spec is implementable.