Re: [OAUTH-WG] Stephen Farrell's Discuss on draft-ietf-oauth-dyn-reg-28: (with DISCUSS and COMMENT)

Justin Richer <jricher@mit.edu> Tue, 05 May 2015 19:34 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC0771A87BD; Tue, 5 May 2015 12:34:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id syCavlOEY6kj; Tue, 5 May 2015 12:33:56 -0700 (PDT)
Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 604401ACDD6; Tue, 5 May 2015 12:33:54 -0700 (PDT)
X-AuditID: 1209190f-f79d16d000000d3d-f3-55491b2013bd
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id 7F.6A.03389.12B19455; Tue, 5 May 2015 15:33:53 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id t45JXqDD015645; Tue, 5 May 2015 15:33:52 -0400
Received: from artemisia.richer.local (static-96-237-195-53.bstnma.fios.verizon.net [96.237.195.53]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id t45JXnRX030314 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 5 May 2015 15:33:51 -0400
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
Content-Type: multipart/signed; boundary="Apple-Mail=_84E071CC-8C34-4121-8065-A35EE7A94DD2"; protocol="application/pgp-signature"; micalg=pgp-sha256
X-Pgp-Agent: GPGMail 2.5b6
From: Justin Richer <jricher@mit.edu>
In-Reply-To: <553AB662.7010303@cs.tcd.ie>
Date: Tue, 5 May 2015 15:33:48 -0400
Message-Id: <77A2595A-807E-4CBC-86D7-EF5055BE5186@mit.edu>
References: <20150424115205.3265.73381.idtracker@ietfa.amsl.com> <553A3289.2000401@cs.tcd.ie> <553A34FE.8@mit.edu> <553A35E4.1000904@cs.tcd.ie> <553A376A.1070806@mit.edu> <553A3929.3000002@cs.tcd.ie> <AB914C1E-1D45-4597-A6CC-90B5C3C10945@mit.edu> <553AB662.7010303@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.2070.6)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrMKsWRmVeSWpSXmKPExsUixG6nrqso7RlqcPsMl8W0n6/ZLGb8mchs cXvuSjaLk29fsVlM33uN3YHVY233VTaPJUt+MgUwRXHZpKTmZJalFunbJXBlTNl4kqlgq2TF 7O3H2RsYT4p0MXJySAiYSGz//YoZwhaTuHBvPVsXIxeHkMBiJolH/3YzQjgbGCXOHG9ngXAe MEn87D0O1iIskCMxb+cxJhCbV8BAYu6pL0wgRcwCUxglfrz7xgIxV0qi6fUxRhCbTUBVYvqa FrAGTgFNiSfTPoPFWQRUJHbPaGaEaG5hlHh2fCkLxFQriYctB9khVk9mklh/sQdstYiAvsTe zeeAEhxAG+QlejalT2AUnIXkkFnIDgFJMAtoSyxb+JoZwtaU2N+9HCouL7H97RyouKXE4pk3 oOK2Erf6FjBB2HYSj6YtYl3AyLGKUTYlt0o3NzEzpzg1Wbc4OTEvL7VI10QvN7NELzWldBMj KL44Jfl3MH47qHSIUYCDUYmHdwOPR6gQa2JZcWXuIUZJDiYlUV4DKc9QIb6k/JTKjMTijPii 0pzU4kOMKkC7Hm1YfYFRiiUvPy9VSYT34HegVt6UxMqq1KJ8mDJpDhYlcd5NP/hChATSE0tS s1NTC1KLYLIyHBxKEryRIAsEi1LTUyvSMnNKENJMHJyHGCU4eICGV4HU8BYXJOYWZ6ZD5E8x KkqJ87ZKAiUEQBIZpXlwvbC0+IpRHOgtYd7NIFU8wJQK1/0KaDAT0OBVhSBXF5ckIqSkGhg9 MtcsPfVSVe716+r0uXdeusR6X/t3zf7upuBYzdJP/1JXF86w3971c72J5sMV1XPi+z/O3l3U svN/+kwB+8WCP1qN5vx8W55z7evmc4v6ZdU8Q96LvrzDcVV2r1bRwzfuKw0+856IenV/Z+Wz nVZbvl43O7vvW++SN1yOH7Y/PJhuvPPH2bnTS5RYijMSDbWYi4oTAY0C4MZmAwAA
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/EWKDl_82y3b5mRU75Hbu6AsjXIY>
Cc: draft-ietf-oauth-dyn-reg@ietf.org, oauth-chairs@ietf.org, "<oauth@ietf.org>" <oauth@ietf.org>, The IESG <iesg@ietf.org>
Subject: Re: [OAUTH-WG] Stephen Farrell's Discuss on draft-ietf-oauth-dyn-reg-28: (with DISCUSS and COMMENT)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 May 2015 19:34:04 -0000

Stephen,

We’ve incorporated this text into the latest draft:

https://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-29

Hopefully this will be sufficient to clear the DISCUSS.

Thanks for your thoughtful review!
 — Justin

> On Apr 24, 2015, at 5:32 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> 
> 
> On 24/04/15 22:27, Justin Richer wrote:
>> Stephen, I’ve worked on this this afternoon and this is my proposed text:
>> 
>>          The response to such a
>>           situation is out of scope for this specification but could include
>>           filing a report with the application developer or authorization
>>          server provider, attempted re-registration with different metadata
>>          values, or various other methods. For instance, if the server also
>>          supports a registration management mechanism such as that defined in
>>          <xref target="OAuth.Registration.Management"/>, the client or
>>          developer could attempt to update the registration with different
>>          metadata values. This process could also be aided by a service
>>          discovery protocol such as <xref target="OpenID.Discovery"/> which
>>          can list a server's capabilities, allowing a client to make a more
>>          informed registration request. The use of any such management or
>>          discovery system is OPTIONAL and outside the scope of this
>>          specification.
>> 
>> Does this text work for you?
> 
> It does, nicely.
> 
> Thanks,
> S.
> 
> 
>> 
>> — Justin
>> 
>>> On Apr 24, 2015, at 8:38 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>>> 
>>> 
>>> 
>>> On 24/04/15 13:30, Justin Richer wrote:
>>>>> 
>>>> 
>>>> OK, so are you asking for something like:
>>>> 
>>>> "If the server supports an update mechanism such as [Dyn-Reg-Management]
>>>> and a discovery mechanism such as [OIDC-Discovery], then a smart client
>>>> could use these components to renegotiate undesirable metadata values."
>>>> 
>>>> With both of these being informative references? I'm not opposed to it.
>>> 
>>> That'd work for me, yes, thanks.
>>> 
>>> S.
>> 
>