Re: [OAUTH-WG] Draft -19

Eran Hammer-Lahav <eran@hueniverse.com> Mon, 25 July 2011 16:17 UTC

From: Eran Hammer-Lahav <eran@hueniverse.com>
To: Mike Jones <Michael.Jones@microsoft.com>, OAuth WG <oauth@ietf.org>
Date: Mon, 25 Jul 2011 08:54:03 -0700

Yeah, I'm not going to waste time trying to keep these in sync for now. This will all be done once before IETF LC and then with the RFC editor.

EHL

From: Mike Jones [mailto:Michael.Jones@microsoft.com]
Sent: Monday, July 25, 2011 7:24 AM
To: Eran Hammer-Lahav; OAuth WG
Subject: RE: Draft -19

A few editorial points about references:
  - the draft is referencing an old draft of the bearer token spec (-04), rather than the current version (-06),
  - the draft is referencing an old draft of the SAML bearer spec (-03), rather than the current version (-04),
  - the draft is not referencing the assertions spec draft-ietf-oauth-assertions-00, which would make sense in Section 4.5 (Extensions)

Also, the example in 4.5 should be updated to match the current SAML bearer spec:

   grant_type=http%3A%2F%2Foauth.net%2Fgrant_type%2Fsaml%2F2.0%2F
   bearer&assertion=PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDUtM
   [...omitted for brevity...]V0aG5TdGF0ZW1lbnQ-PC9Bc3NlcnRpb24-

                                                            Thanks,
                                                            -- Mike

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Eran Hammer-Lahav
Sent: Monday, July 25, 2011 1:07 AM
To: OAuth WG
Subject: [OAUTH-WG] Draft -19

Draft 19 includes all the feedback received for -18:

* Closes issues 15-19
* Moved client profiles to section 2.1 from 10
* New text for 'Code Injection and Input Validation'
* A few minor editorial clarifications

There are two open issues (20, 21) which are minor editorial requests, and the request being discussed on the list to change the public/private client type terminology to something else.

I consider draft -19 to be ready for WGLC immediately.

Thanks,

EHL