[OAUTH-WG] Re: John Scudder's No Objection on draft-ietf-oauth-resource-metadata-11: (with COMMENT)

Michael Jones <michael_b_jones@hotmail.com> Thu, 03 October 2024 17:40 UTC

From: Michael Jones <michael_b_jones@hotmail.com>
To: John Scudder <jgs@juniper.net>, The IESG <iesg@ietf.org>
Date: Thu, 03 Oct 2024 17:40:21 +0000
CC: "draft-ietf-oauth-resource-metadata@ietf.org" <draft-ietf-oauth-resource-metadata@ietf.org>, "oauth-chairs@ietf.org" <oauth-chairs@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: [OAUTH-WG] Re: John Scudder's No Objection on draft-ietf-oauth-resource-metadata-11: (with COMMENT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/K4UNUbyUYP0oVcEVLDdritWR4jg>

Hi John,

Per my reply to Murray, the IANA registration procedure language was updated in https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-12.html as discussed on today's IESG telechat and per Deb's suggestions to me.  It now says:

"The IANA escalation process is followed when the Designated Experts are not responsive within 14 days."

Thanks again for taking the time to review.

                                -- Mike

-----Original Message-----
From: Michael Jones
Sent: Wednesday, October 2, 2024 6:14 PM
To: John Scudder <jgs@juniper.net>; The IESG <iesg@ietf.org>
Cc: draft-ietf-oauth-resource-metadata@ietf.org; oauth-chairs@ietf.org; oauth@ietf.org; rifaat.s.ietf@gmail.com
Subject: RE: John Scudder's No Objection on draft-ietf-oauth-resource-metadata-11: (with COMMENT)

Thanks for your review, John.  My responses are inline, prefixed by Mike>.

-----Original Message-----
From: John Scudder via Datatracker <noreply@ietf.org>
Sent: Wednesday, October 2, 2024 5:34 PM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-oauth-resource-metadata@ietf.org; oauth-chairs@ietf.org; oauth@ietf.org; rifaat.s.ietf@gmail.com; rifaat.s.ietf@gmail.com
Subject: John Scudder's No Objection on draft-ietf-oauth-resource-metadata-11: (with COMMENT)

John Scudder has entered the following ballot position for
draft-ietf-oauth-resource-metadata-11: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-metadata/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for the well-written document. I have a couple of comments -

- Section 1 "This use of WWW-Authenticate can indicate that the protected resource metadata MAY have changed." That's a misuse of the RFC 2119 MAY. You aren't specifying procedure here, so you should be using lowercase "may". This recurs in Section 5.2, "its metadata MAY have changed".

Mike> Thanks.  Aaron created https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/60 to address this comment.  We'll plan to merge it and publish before the telechat.

- In Section 8, you say the registration policy is Specification Required, but then you go on to say "However, to allow for the allocation of values prior to publication, the Designated Experts may approve registration once they are satisfied that such a specification will be published." As far as I can tell, that is not compatible with the plain language of the policy called "Specification Required" as described in RFC 8126. I also wonder how the experts could possibly do a proper review if all they have to look at is an IOU for a specification.

Mike> This is standard language in OAuth specs.  Without trying to be comprehensive, it occurs at these places:
https://www.rfc-editor.org/rfc/rfc6749.html#section-11.1
https://www.rfc-editor.org/rfc/rfc7519.html#section-10.1
https://www.rfc-editor.org/rfc/rfc7591.html#section-4.1
https://www.rfc-editor.org/rfc/rfc8414.html#section-7

Mike> It's worked well in practice, so I'm not prone to use different language here.

                                Thanks again!
                                -- Mike