Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)
Mike Jones <Michael.Jones@microsoft.com> Tue, 27 February 2018 07:03 UTC
From: Mike Jones <Michael.Jones@microsoft.com>
To: The IESG <iesg@ietf.org>, Alexey Melnikov <aamelnikov@fastmail.fm>
CC: "draft-ietf-oauth-discovery@ietf.org" <draft-ietf-oauth-discovery@ietf.org>, "oauth-chairs@ietf.org" <oauth-chairs@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Date: Tue, 27 Feb 2018 07:03:21 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Eejyeg0s_KYQzVCqcXMS3LG5lUY>
The attached drafts address the DISCUSSes from Adam and Alexey in the ways proposed. A summary of the changes from -08 is:
* Revised the transformation between the issuer identifier and the authorization server metadata location to conform to BCP 190, as suggested by Adam Roach.
* Defined the characters allowed in registered metadata names and values, as suggested by Alexey Melnikov.
* Changed to using the RFC 8174 boilerplate instead of the RFC 2119 boilerplate, as suggested by Ben Campbell.
* Acknowledged additional reviewers.
I've attached both source and .txt versions to facilitate comparison to -08. Unless I hear additional suggestions for improvements by my end of business Tuesday, I'll plan to publish this as -09.
Thanks all,
-- Mike
From: Mike Jones
Sent: Sunday, January 28, 2018 7:23 AM
To: The IESG <iesg@ietf.org>; Alexey Melnikov <aamelnikov@fastmail.fm>
Cc: draft-ietf-oauth-discovery@ietf.org; oauth-chairs@ietf.org; oauth@ietf.org
Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)
Your understanding matches with the intent of the language from RFC 7638. I'll plan to proceed on that basis then.
Thanks again,
-- Mike
From: Alexey Melnikov
Sent: Sunday, January 28, 7:04 AM
Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)
To: Mike Jones, The IESG
Cc: draft-ietf-oauth-discovery@ietf.org, oauth-chairs@ietf.org, oauth@ietf.org

Hi Mike,

On Wed, Jan 24, 2018, at 10:11 PM, Mike Jones wrote:
> Thanks for the useful review, Alexey. I propose that we use the same
> character restrictions that are described in
> https://tools.ietf.org/html/rfc7638#section-6, which are:
>
> (a) require that member names being registered use
> only printable ASCII characters excluding double quote ('"') and
> backslash ('\') (the Unicode characters with code points U+0021,
> U+0023 through U+005B, and U+005D through U+007E),

This looks reasonable.

> or
>
> (b) if new members are defined that use other code
> points, require that their definitions specify the exact Unicode code
> point sequences used to represent them. Furthermore, proposed
> registrations that use Unicode code points that can only be
> represented in JSON strings as escaped characters must not be
> accepted.

So just to double check: it is Ok to register names in Greek or Cyrillic (for example) and they will be compared in a case sensitive manner?

> I also propose that we say that member name comparison occurs in the
> manner described in https://tools.ietf.org/html/rfc7159#section-8.3.

My understanding is that RFC 7159 recommends case-sensitive comparison and that is fine with me.

> Will that work for you, Alexey?

Best Regards,
Alexey

>
> Thanks,
> -- Mike
>
> -----Original Message-----
> From: Alexey Melnikov [mailto:aamelnikov@fastmail.fm]
> Sent: Wednesday, January 24, 2018 12:06 AM
> To: The IESG
> Cc: draft-ietf-oauth-discovery@ietf.org; Hannes Tschofenig
> ; oauth-chairs@ietf.org;
> Hannes.Tschofenig@gmx.net; oauth@ietf.org
> Subject: Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08:
> (with DISCUSS and COMMENT)
>
> Alexey Melnikov has entered the following ballot position for
> draft-ietf-oauth-discovery-08: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> Thank you for the well written IANA Considerations section. I have one
> comment on it which should be easy to resolve:
>
> The document doesn't seem to say anything about allowed characters in
> Metadata names. When the document talks about "case-insensitive
> matching", it is not clear how to implement the matching, because it is
> not clear whether or not Metadata names are ASCII only. If they are not,
> then you need to better define what "case insensitive" means.
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> I am agreeing with Adam's DISCUSS.
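The registration rules discussed in this thread, as an added Python example that is not part of the thread or the draft: it classifies a proposed metadata name under option (a) or option (b), rejects names that JSON could only carry as escapes, and compares names by exact code points. The function names and sample names are illustrative, and the near-duplicate pass (NFKC plus case folding) is an assumption added here as a reviewer aid, not something the thread proposes.

```python
import unicodedata

def is_option_a(name):
    # Option (a): U+0021, U+0023..U+005B, U+005D..U+007E only
    # (printable ASCII without space, '"' and '\').
    return bool(name) and all(
        cp == 0x21 or 0x23 <= cp <= 0x5B or 0x5D <= cp <= 0x7E
        for cp in map(ord, name))

def needs_json_escape(name):
    # JSON strings must escape '"', '\' and the controls U+0000..U+001F.
    return any(ch in '"\\' or ord(ch) < 0x20 for ch in name)

def classify(name):
    """Return 'option-a', 'reject', or 'option-b: <code points>'."""
    if not name or needs_json_escape(name):
        return "reject"
    if is_option_a(name):
        return "option-a"
    # Option (b): the definition has to spell out the exact code points.
    return "option-b: " + " ".join(f"U+{ord(ch):04X}" for ch in name)

def names_match(a, b):
    # Exact code point comparison: no case folding, no normalization.
    return a == b

def near_duplicates(candidate, registered):
    # Reviewer aid (assumption, not from the thread): names that are
    # distinct under names_match() but equal after NFKC + case folding.
    def fold(s):
        return unicodedata.normalize("NFKC", s).casefold()
    return [r for r in registered
            if not names_match(r, candidate) and fold(r) == fold(candidate)]

if __name__ == "__main__":
    registry = ["issuer", "token_endpoint"]  # constructed sample registry
    for proposed in ["Token_Endpoint", "bad\\name", "имя", "a b"]:
        print(repr(proposed), classify(proposed),
              near_duplicates(proposed, registry))
```
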