Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-rar-04.txt

Torsten Lodderstedt <torsten@lodderstedt.net> Sun, 07 February 2021 12:49 UTC

Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 329D43A0D01 for <oauth@ietfa.amsl.com>; Sun, 7 Feb 2021 04:49:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lodderstedt.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IR_aC5sB-5HZ for <oauth@ietfa.amsl.com>; Sun, 7 Feb 2021 04:49:51 -0800 (PST)
Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5D043A0D00 for <oauth@ietf.org>; Sun, 7 Feb 2021 04:49:50 -0800 (PST)
Received: by mail-wr1-x42f.google.com with SMTP id a1so13802178wrq.6 for <oauth@ietf.org>; Sun, 07 Feb 2021 04:49:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lodderstedt.net; s=google; h=from:mime-version:subject:date:references:to:in-reply-to:message-id; bh=rlyejlgnYBjhaP5bdxd6676RIo9E87jrLb1OSjo73M8=; b=1OoDoE8aNXIPkqxEAh5XYhSVDACJ8Ljq45IIaac3W50r3H/M1SJGNKPlcSnwFiaW5T ZaWbzOOWaPdx6E6uvEV3kKF4XLXmy9Py5YKHVuI6esy6ExWXyR/Yqj34N8ZeLNH+m+/9 u/xFJxvKwx9IaNKaCcgKDokL9kGcKyryK0H1po7rmgYdkVtxg1oZ5bC5smXTT/KL5w+E dSu/kjcQGcvim3i7aFHcrR06ZZhi8uiRrrId8ds+VkOJXNRR9a+/7DBzQgffzfkCitsx iG8sO5Q1w+hqmkkHDMKljzBXmDh8x9uvyc8ZltUbaUPLjjXLDO5CtyOoIH6vbYCDH4ef +ZkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:date:references:to :in-reply-to:message-id; bh=rlyejlgnYBjhaP5bdxd6676RIo9E87jrLb1OSjo73M8=; b=LYO5UYZ7eMM9LN0q5Wi4jR58a6e95SMrO4XKy9REIWv8hwYBEPd29+X5J/C5jkbQ/M rrmmQ9b0z2+mw7MPszVMq5eoouB0JHsBQDmikmV8ML2e0u39jzET9Aj4cFaCsHvo3BkF 2AZJA7KH1CfWaFUwmaFKumPAl8y7XvGt2MJRmn6aJuqyfO0qGCWdCDlvNATzGFMcEbHo roypZwYYqyaEgNmNh+ziWrfZ+Y/djpAd3NV5cLTVND7uYvn99vq1KZwxwdSQP08ZO7BL //+LSktwdbwx0ikcT4uSyhtNstpKFe5BK00psUP1XbmfVHwzMHtJdL0CdVlT76/QQlUf CIww==
X-Gm-Message-State: AOAM533BcdmqKbLTmOHs/eWT18SnMksqYhg4vtmLwPhOrMqnncBVV84I 6oyWkD+Ljnsa3MwG1lyoJzMXiIN33e1rB5YE
X-Google-Smtp-Source: ABdhPJzOX3iIdfjKEd9L81Tcqeyi9eaocn1sa8d2Vtao9VtJ30jK9FqkkEzUx0xUKJ2mhBlOmLllgA==
X-Received: by 2002:a5d:68c1:: with SMTP id p1mr14928274wrw.325.1612702188918; Sun, 07 Feb 2021 04:49:48 -0800 (PST)
Received: from [192.168.71.123] (p5b0d9c0a.dip0.t-ipconnect.de. [91.13.156.10]) by smtp.gmail.com with ESMTPSA id k11sm7373016wrv.51.2021.02.07.04.49.48 for <oauth@ietf.org> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 07 Feb 2021 04:49:48 -0800 (PST)
From: Torsten Lodderstedt <torsten@lodderstedt.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_8737106E-CD4E-4341-811C-43A373AABA49"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
Date: Sun, 07 Feb 2021 13:49:47 +0100
References: <161270175060.8296.1897997883947486904@ietfa.amsl.com>
To: oauth <oauth@ietf.org>
In-Reply-To: <161270175060.8296.1897997883947486904@ietfa.amsl.com>
Message-Id: <06504BA6-6065-4ADD-BE45-5E13DF00DC1A@lodderstedt.net>
X-Mailer: Apple Mail (2.3654.60.0.2.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Kre_xMsor3xCSQ2svBHjMrlIQPE>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-rar-04.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Feb 2021 12:49:53 -0000

Hi all,

here is the list of changes in revision -04:

restructured draft for better readability
simplified normative text about use of the resource parameter with authorization_details 
added implementation considerations for deployments and products
added type union language from GNAP  
added recommendation to use PAR to cope with large requests and for request protection

Your feedback is highly appreciated.

best regards,
Torsten. 

> Am 07.02.2021 um 13:42 schrieb internet-drafts@ietf.org:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Web Authorization Protocol WG of the IETF.
> 
>        Title           : OAuth 2.0 Rich Authorization Requests
>        Authors         : Torsten Lodderstedt
>                          Justin Richer
>                          Brian Campbell
> 	Filename        : draft-ietf-oauth-rar-04.txt
> 	Pages           : 36
> 	Date            : 2021-02-07
> 
> Abstract:
>   This document specifies a new parameter "authorization_details" that
>   is used to carry fine grained authorization data in the OAuth
>   authorization request.
> 
> 
> The IETF datatracker status page for this draft is:
> https://www.google.com/url?q=https://datatracker.ietf.org/doc/draft-ietf-oauth-rar/&source=gmail-imap&ust=1613306557000000&usg=AOvVaw3-4SmuMFgxbz-cDK2Ir_a7
> 
> There is also an HTML version available at:
> https://www.google.com/url?q=https://www.ietf.org/archive/id/draft-ietf-oauth-rar-04.html&source=gmail-imap&ust=1613306557000000&usg=AOvVaw1J52xGTvk1ZAuBC_fUAIjJ
> 
> A diff from the previous version is available at:
> https://www.google.com/url?q=https://www.ietf.org/rfcdiff?url2%3Ddraft-ietf-oauth-rar-04&source=gmail-imap&ust=1613306557000000&usg=AOvVaw0TYqmFwryvAYznR2Ho5Oj6
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.google.com/url?q=https://www.ietf.org/mailman/listinfo/oauth&source=gmail-imap&ust=1613306557000000&usg=AOvVaw06g1z6o36BkkaqkiWc1Lw9