[OAUTH-WG] Token Introspection: Misc Review Comments

Anthony Nadalin <tonynad@microsoft.com> Thu, 05 March 2015 23:11 UTC

From: Anthony Nadalin <tonynad@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Date: Thu, 05 Mar 2015 23:10:53 +0000
Message-ID: <BN3PR0301MB123478B07C09DC532DEC224CA61F0@BN3PR0301MB1234.namprd03.prod.outlook.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/LjU8HdlTX7RRmMHi5wq1j6R7CVI>
Subject: [OAUTH-WG] Token Introspection: Misc Review Comments

Some comments:

> The endpoint MAY allow other parameters to provide further context to the query.

If the endpoint does not understand these, the endpoint must ignore them.

The only MUST in this specification is to return the "active" Boolean, but this is still underspecified as there is no definition or criteria that a developer has to go upon to determine if that Boolean is set or not.

token_type_hint is really not a type hint but just a token hint and thus should be changed.
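As an added illustration of the three points raised above (not code from the message, the draft, or any implementation), the following minimal introspection endpoint in Python spells out one concrete set of criteria behind the "active" boolean, drops query parameters it does not understand instead of rejecting them, and uses token_type_hint only to order the lookup, never to decide the answer. The token store, its field names and the chosen criteria for "active" (issued by this server, not revoked, inside its nbf/exp window) are assumptions made for this example; the sample tokens are constructed.

```python
# Added example, not part of the original mailing-list message: a minimal
# token introspection endpoint. The store layout, field names and the
# criteria used for "active" are assumptions for illustration.
import time
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass
class TokenRecord:
    token: str
    token_type: str   # "access_token" or "refresh_token"
    client_id: str
    scope: str
    exp: int          # expiry (seconds since epoch)
    nbf: int = 0      # not valid before (seconds since epoch)
    revoked: bool = False


# Parameters this endpoint understands; anything else is ignored.
KNOWN_PARAMS = {"token", "token_type_hint"}


def is_active(rec: TokenRecord, now: int) -> bool:
    """One explicit definition of 'active': the token is in our store
    (so we issued it), is not revoked, and now lies in [nbf, exp)."""
    return not rec.revoked and rec.nbf <= now < rec.exp


def lookup(store: Iterable[TokenRecord], token: str,
           hint: Optional[str]) -> Optional[TokenRecord]:
    """Find a token. The hint only orders the search (hinted type first,
    then everything else), so a wrong hint can neither hide a valid token
    nor make an unknown token look valid."""
    records = list(store)
    if hint:
        records.sort(key=lambda r: r.token_type != hint)  # stable sort
    for rec in records:
        if rec.token == token:
            return rec
    return None


def introspect(store: Iterable[TokenRecord], form: dict,
               now: Optional[int] = None) -> dict:
    """Handle one introspection request given as a dict of form fields."""
    now = int(time.time()) if now is None else now
    # Unknown parameters are dropped, not treated as an error.
    params = {k: v for k, v in form.items() if k in KNOWN_PARAMS}
    token = params.get("token")
    if token is None:
        raise ValueError("invalid_request")  # 'token' is the only required field
    rec = lookup(store, token, params.get("token_type_hint"))
    if rec is None or not is_active(rec, now):
        # Reveal nothing beyond the boolean for tokens that are not active.
        return {"active": False}
    return {
        "active": True,
        "token_type": rec.token_type,
        "client_id": rec.client_id,
        "scope": rec.scope,
        "exp": rec.exp,
        "nbf": rec.nbf,
    }


def sample_store(now: int) -> list:
    """Constructed sample data covering each way a token can be inactive."""
    return [
        TokenRecord("tok-good", "access_token", "client-a", "read", exp=now + 600),
        TokenRecord("tok-expired", "access_token", "client-a", "read", exp=now - 1),
        TokenRecord("tok-revoked", "refresh_token", "client-b", "offline",
                    exp=now + 600, revoked=True),
        TokenRecord("tok-future", "access_token", "client-b", "read",
                    exp=now + 600, nbf=now + 60),
    ]


if __name__ == "__main__":
    now = 1_000_000
    store = sample_store(now)
    # Wrong hint plus an unknown parameter: still answered correctly.
    print(introspect(store, {"token": "tok-good", "token_type_hint": "refresh_token",
                             "ui_locale": "en"}, now))
    print(introspect(store, {"token": "tok-expired"}, now))
```

The inactive branch deliberately returns only `{"active": false}`: whatever criteria an implementer settles on for the boolean, the response for a token that fails them should not leak why.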