[OAUTH-WG] Opsdir last call review of draft-ietf-oauth-token-exchange-14

Zitao Wang <wangzitao@huawei.com> Wed, 01 August 2018 06:21 UTC

Return-Path: <wangzitao@huawei.com>
X-Original-To: oauth@ietf.org
Delivered-To: oauth@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 53D3C130FB2; Tue, 31 Jul 2018 23:21:10 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Zitao Wang <wangzitao@huawei.com>
To: ops-dir@ietf.org
Cc: draft-ietf-oauth-token-exchange.all@ietf.org, ietf@ietf.org, oauth@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.83.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <153310447029.3248.454015280311920642@ietfa.amsl.com>
Date: Tue, 31 Jul 2018 23:21:10 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/FUQOjzl50xBXKRNYlgRM8s4DXBA>
Subject: [OAUTH-WG] Opsdir last call review of draft-ietf-oauth-token-exchange-14
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.27
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Aug 2018 06:21:10 -0000

Reviewer: Zitao Wang
Review result: Ready

I have reviewed this document as part of the Operational directorate’s ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving the operational aspects of
the IETF drafts. Comments that are not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs should
treat these comments just like any other last call comments.

Document reviewed: draft-ietf-oauth-token-exchange-14

Summary:

This specification defines a protocol for an HTTP- and JSON- based  Security
Token Service (STS) by defining how to request and obtain  security tokens from
OAuth 2.0 authorization servers, including security tokens employing
impersonation and delegation.