[OAUTH-WG] Richard Barnes' Discuss on draft-ietf-oauth-saml2-bearer-21: (with DISCUSS)
"Richard Barnes" <rlb@ipv.sx> Thu, 16 October 2014 03:56 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D14951A0164; Wed, 15 Oct 2014 20:56:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y04Qqc4IVwAY; Wed, 15 Oct 2014 20:56:40 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7659D1A0149; Wed, 15 Oct 2014 20:56:40 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Richard Barnes <rlb@ipv.sx>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 5.6.4
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20141016035640.25108.27277.idtracker@ietfa.amsl.com>
Date: Wed, 15 Oct 2014 20:56:40 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/HdKGFQyjFe9RpEyrbCc0WTIfCjk
Cc: oauth-chairs@tools.ietf.org, draft-ietf-oauth-saml2-bearer@tools.ietf.org, oauth@ietf.org
Subject: [OAUTH-WG] Richard Barnes' Discuss on draft-ietf-oauth-saml2-bearer-21: (with DISCUSS)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Oct 2014 03:56:42 -0000
Richard Barnes has entered the following ballot position for draft-ietf-oauth-saml2-bearer-21: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: http://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- As with draft-ietf-oauth-assertions, the requirement for an <Audience> element seems entirely unnecessary. Holding this DISCUSS point pending that discussion and its reflection in this document. "Assertions that do not identify the Authorization Server as an intended audience MUST be rejected." -- What does it mean for an assertion to "identify the Authorization Server"? Does the specified <Audience> need to match the entire URL of the relevant OAuth endpoint? Just the origin? Just the domain? Does the URL need to be canonicalized?
- [OAUTH-WG] Richard Barnes' Discuss on draft-ietf-… Richard Barnes
- Re: [OAUTH-WG] Richard Barnes' Discuss on draft-i… Brian Campbell
- Re: [OAUTH-WG] Richard Barnes' Discuss on draft-i… Richard Barnes
- Re: [OAUTH-WG] Richard Barnes' Discuss on draft-i… Brian Campbell