Re: [OAUTH-WG] Adam Roach's Discuss on draft-ietf-oauth-device-flow-12: (with DISCUSS)

Adam Roach <adam@nostrum.com> Sat, 20 October 2018 00:00 UTC

To: William Denniss <wdenniss@google.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-oauth-device-flow@ietf.org, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>, oauth-chairs@ietf.org, oauth <oauth@ietf.org>
References: <153317059661.22107.3645320244647621058.idtracker@ietfa.amsl.com> <CAAP42hAcD7uVa_1wY8f6yeS7EMAJgaeHzV6rJR2gF=En522gKA@mail.gmail.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <4a4e12f8-7392-fdef-29be-482ddddb46a3@nostrum.com>
Date: Fri, 19 Oct 2018 18:59:55 -0500
In-Reply-To: <CAAP42hAcD7uVa_1wY8f6yeS7EMAJgaeHzV6rJR2gF=En522gKA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/JQWfmb4cB8eAEaymYlp-Fru3glY>
Subject: Re: [OAUTH-WG] Adam Roach's Discuss on draft-ietf-oauth-device-flow-12: (with DISCUSS)

Thanks. I have entered a ballot of "no objection."

/a

On 10/19/18 4:15 PM, William Denniss wrote:
> Adam,
>
> Thank you for your feedback and pointers, version 13 should fully 
> address your feedback.  Comments inline:
>
> On Wed, Aug 1, 2018 at 5:43 PM, Adam Roach <adam@nostrum.com> wrote:
>
>
>     ----------------------------------------------------------------------
>     DISCUSS:
>     ----------------------------------------------------------------------
>
>     Thanks to the authors for addressing my comments and half of my DISCUSS.
>     This final issue appears to remain unaddressed:
>
>     §3.1:
>
>     >  The client initiates the flow by requesting a set of verification
>     >  codes from the authorization server by making an HTTP "POST" request
>     >  to the device authorization endpoint.  The client constructs the
>     >  request with the following parameters, encoded with the
>     >  "application/x-www-form-urlencoded" content type:
>
>     This document needs a normative citation for this media type.
>
>     My suggestion would be to cite REC-html5-20141028 section 4.10.22.6, as
>     this appears to be the most recent stable description of how to encode
>     this media type. I'd love to hear rationale behind other citations being
>     more appropriate, since I'm not entirely happy with the one I suggest
>     above (given that it's been superseded by HTML 5.2); but every other
>     plausible citation I can find is even less palatable (with HTML 5.2
>     itself having the drawback of not actually defining how to encode the
>     media type, instead pointing to an unstable, unversioned document).
>
>
> Thank you for the advice. I've struggled with this one myself. HTML 
> 5.2 like you say links to an unstable and unversioned document (albeit 
> one that is readable and pleasant for implementors). I wish they had a 
> proper stable reference, it seems odd to normatively reference 
> something that isn't stable to me, but what can we do?
>
> I went with the exact reference you suggested, it's in version 13.
>
> Best,
> William
>