Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)

Alexey Melnikov <aamelnikov@fastmail.fm> Wed, 28 February 2018 15:17 UTC

From: Alexey Melnikov <aamelnikov@fastmail.fm>
To: Mike Jones <Michael.Jones@microsoft.com>, The IESG <iesg@ietf.org>
Cc: draft-ietf-oauth-discovery@ietf.org, oauth-chairs@ietf.org, oauth@ietf.org
Date: Wed, 28 Feb 2018 15:17:17 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/HGUZPjHdGHFEDwx-yH9Mrq5V8YA>
Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)

Hi Mike,
I've suggested one extra clarification, but the rest of the changes made
the document better.
Thank you,
Alexey

On Wed, Feb 28, 2018, at 3:04 AM, Mike Jones wrote:
> I believe that the changes in
> https://tools.ietf.org/html/draft-ietf-oauth-discovery-09 address the
> DISCUSS and comments.  Please review – ideally before the upcoming
> telechat.
>
> Thanks again,
> -- Mike
>
> *From:* Mike Jones
> *Sent:* Monday, February 26, 2018 11:03 PM
> *To:* The IESG <iesg@ietf.org>; Alexey Melnikov <aamelnikov@fastmail.fm>
> *Cc:* draft-ietf-oauth-discovery@ietf.org; oauth-chairs@ietf.org; oauth@ietf.org
> *Subject:* RE: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)
>
> The attached drafts address the DISCUSSes from Adam and Alexey in the
> ways proposed.  A summary of the changes from -08 is:
> · Revised the transformation between the issuer identifier and
>   the authorization server metadata location to conform to BCP 190, as
>   suggested by Adam Roach.
> · Defined the characters allowed in registered metadata names
>   and values, as suggested by Alexey Melnikov.
> · Changed to using the RFC 8174 boilerplate instead of the RFC
>   2119 boilerplate, as suggested by Ben Campbell.
> · Acknowledged additional reviewers.
>
> I’ve attached both source and .txt versions to facilitate comparison
> to -08.  Unless I hear additional suggestions for improvements by my
> end of business Tuesday, I’ll plan to publish this as -09.
>
> Thanks all,
> -- Mike
>
> *From:* Mike Jones
> *Sent:* Sunday, January 28, 2018 7:23 AM
> *To:* The IESG <iesg@ietf.org>; Alexey Melnikov <aamelnikov@fastmail.fm>
> *Cc:* draft-ietf-oauth-discovery@ietf.org; oauth-chairs@ietf.org; oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)
>
> Your understanding matches with the intent of the language from RFC
> 7638. I'll plan to proceed on that basis then.
>
> Thanks again,
> -- Mike


> From: Alexey Melnikov
> Sent: Sunday, January 28, 7:04 AM
> Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)
> To: Mike Jones, The IESG
> Cc: draft-ietf-oauth-discovery@ietf.org, oauth-chairs@ietf.org, oauth@ietf.org
>
> Hi Mike,
>
> On Wed, Jan 24, 2018, at 10:11 PM, Mike Jones wrote:
> > Thanks for the useful review, Alexey. I propose that we use the same
> > character restrictions that are described in
> > https://tools.ietf.org/html/rfc7638#section-6, which are:
> >
> > (a) require that member names being registered use
> > only printable ASCII characters excluding double quote ('"') and
> > backslash ('\') (the Unicode characters with code points U+0021,
> > U+0023 through U+005B, and U+005D through U+007E),
>
> This looks reasonable.
>
> > or
> >
> > (b) if new members are defined that use other code
> > points, require that their definitions specify the exact Unicode code
> > point sequences used to represent them. Furthermore, proposed
> > registrations that use Unicode code points that can only be
> > represented in JSON strings as escaped characters must not be
> > accepted.
>
> So just to double check: it is Ok to register names in Greek or
> Cyrillic (for example) and they will be compared in a case sensitive
> manner?
>
> > I also propose that we say that member name comparison occurs in the
> > manner described in https://tools.ietf.org/html/rfc7159#section-8.3.
>
> My understanding is that RFC 7159 recommends case-sensitive comparison
> and that is fine with me.
>
> > Will that work for you, Alexey?
>
> Best Regards,
> Alexey
>
> > Thanks,
> > -- Mike
> >
> > -----Original Message-----
> > From: Alexey Melnikov [mailto:aamelnikov@fastmail.fm]
> > Sent: Wednesday, January 24, 2018 12:06 AM
> > To: The IESG
> > Cc: draft-ietf-oauth-discovery@ietf.org; Hannes Tschofenig ; oauth-chairs@ietf.org; Hannes.Tschofenig@gmx.net; oauth@ietf.org
> > Subject: Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)
> >
> > Alexey Melnikov has entered the following ballot position for
> > draft-ietf-oauth-discovery-08: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > Thank you for the well written IANA Considerations section. I have one
> > comment on it which should be easy to resolve:
> >
> > The document doesn't seem to say anything about allowed characters in
> > Metadata names. When the document talks about "case-insensitive
> > matching", it is not clear how to implement the matching, because it is
> > not clear whether or not Metadata names are ASCII only. If they are not,
> > then you need to better define what "case insensitive" means.
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > I am agreeing with Adam's DISCUSS.
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
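
Added example, not part of the thread or of the draft: a registry-review sketch of the character rules (a) and (b) quoted above and of exact code-point name comparison, which also lists names that differ only by case or Unicode normalization. All function names and the sample names are hypothetical and constructed for illustration.

```python
import unicodedata

def is_option_a_name(name):
    # Option (a): printable ASCII except '"' and '\',
    # i.e. U+0021, U+0023-U+005B, U+005D-U+007E (space is excluded).
    return bool(name) and all(
        cp == 0x21 or 0x23 <= cp <= 0x5B or 0x5D <= cp <= 0x7E
        for cp in map(ord, name))

def needs_json_escape(name):
    # JSON strings must escape '"', '\' and the controls U+0000-U+001F.
    return any(ch in '"\\' or ord(ch) < 0x20 for ch in name)

def classify_registration(name):
    if not name or needs_json_escape(name):
        return "reject"      # representable only as escaped characters
    if is_option_a_name(name):
        return "option-a"
    return "option-b"        # definition must give exact code point sequence

def same_member_name(a, b):
    # Exact comparison: no case folding, no normalization. For Python str
    # this gives the same equality as code-unit-by-code-unit comparison.
    return [ord(c) for c in a] == [ord(c) for c in b]

def fold_key(name):
    # One possible (assumed) meaning of "case insensitive": NFKC + casefold.
    return unicodedata.normalize("NFKC", name).casefold()

def lookalike_groups(names):
    # Names that are distinct under exact comparison but equal under fold_key.
    groups = {}
    for n in names:
        groups.setdefault(fold_key(n), []).append(n)
    return [g for g in groups.values() if len(g) > 1]

def lower_and_casefold_disagree(name):
    # Two standard case mappings can give different results outside ASCII.
    return name.lower() != name.casefold()

# Constructed sample names, not taken from any IANA registry.
CONSTRUCTED_NAMES = ["issuer", "Issuer", "jwks_uri",
                     "caf\u00e9", "cafe\u0301", "ΣΑΣ", "σας"]

if __name__ == "__main__":
    for n in CONSTRUCTED_NAMES:
        print(repr(n), classify_registration(n))
    print(lookalike_groups(CONSTRUCTED_NAMES))
```
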