[OAUTH-WG] OAuth 2.0 Protected Resource Metadata draft addressing reviews since IETF Last Call

Michael Jones <michael_b_jones@hotmail.com> Sat, 14 September 2024 01:22 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/L33WMJBItxNaT33bNpTz2cIsaKA>

Aaron Parecki <https://x.com/aaronpk> and I published a new version of the "OAuth 2.0 Protected Resource Metadata" specification that addresses the review comments received since the IETF Last Call. Per the history entries, the changes were:

  *   Added metadata values declaring support for DPoP and mutual-TLS client certificate-bound access tokens.
  *   Added missing word caught during IANA review.
  *   Addressed ART, SecDir, and OpsDir review comments by Arnt Gulbrandsen, David Mandelberg, and Bo Wu, resulting in the following changes:
      *   Added step numbers to sequence diagram.
      *   Defined meaning of omitting bearer_methods_supported metadata parameter.
      *   Added internationalization of human-readable metadata values using the mechanism from [RFC7591 <https://www.rfc-editor.org/rfc/rfc7591.html>].
      *   Added resource_name metadata parameter, paralleling client_name in [RFC7591 <https://www.rfc-editor.org/rfc/rfc7591.html>].
      *   Added Security Considerations section on metadata caching.
      *   Used and referenced Resource Identifier definition.
      *   Added motivating example of an email client to intro.

The specification is available at:

  *   https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-09.html

                                                                -- Mike

P.S.  This note was also posted at https://self-issued.info/?p=2569 and referenced from https://x.com/selfissued/status/1834763444899528772 and https://www.linkedin.com/posts/selfissued_oauth-20-protected-resource-metadata-draft-activity-7240529820818808832-oOYU/.