Re: [OAUTH-WG] AD review of draft-ietf-oauth-rar-12

Brian Campbell <bcampbell@pingidentity.com> Wed, 19 October 2022 21:26 UTC

To: Roman Danyliw <rdd@cert.org>
Cc: Justin Richer <jricher@mit.edu>, "oauth@ietf.org" <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/CsgHa8pMT5FTqe6SRPdyn9OPxLU>

On Fri, Oct 14, 2022 at 10:50 AM Roman Danyliw <rdd@cert.org> wrote:

>
> > >
> > > ** Section 11.2
> > >
> > >   One option would be to have a mechanism allowing the registration of
> > >   extension modules, each of them responsible for rendering the
> > >   respective user consent and any transformation needed to provide the
> > >   data needed to the resource server by way of structured access tokens
> > >   or token introspection responses.
> > >
> > > I don't follow the flexibility being described here.  "One option ..."
> > > with respect to what?
> >
> > With respect to having certain types hard-coded (like someone like
> > Facebook or GitHub might do because their API is specific) or having
> > some kind of mechanism that just prints out the RAR objects verbatim.
> >
>
> Ah, you mean relative to customization.  Maybe s/One option would be/One
> option to support customization/
>
>
FWIW I updated this sentence in my earlier edits that attempted to get the
low hanging items and it now says "One approach to supporting such
customization would be to have a mechanism allowing [...]", which is
slightly more wordy but basically the same as your suggestion.
