[OAUTH-WG] Opsdir last call review of draft-ietf-oauth-resource-indicators-05

Shwetha Bhandari via Datatracker <noreply@ietf.org> Mon, 05 August 2019 11:02 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: oauth@ietf.org
Delivered-To: oauth@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id BE28D12017E; Mon, 5 Aug 2019 04:02:19 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Shwetha Bhandari via Datatracker <noreply@ietf.org>
To: ops-dir@ietf.org
Cc: draft-ietf-oauth-resource-indicators.all@ietf.org, oauth@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.99.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Shwetha Bhandari <shwethab@cisco.com>
Message-ID: <156500293964.24423.8625379330723423979@ietfa.amsl.com>
Date: Mon, 05 Aug 2019 04:02:19 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/MiB3df6Fifho5qcmNhyh9TlzqJI>
Subject: [OAUTH-WG] Opsdir last call review of draft-ietf-oauth-resource-indicators-05
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Aug 2019 11:02:20 -0000

Reviewer: Shwetha Bhandari
Review result: Ready

I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving the operational aspects of
the IETF drafts. Comments that are not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs should
treat these comments just like any other last call comments.

This document extends OAuth 2.0 Authorization Framework defining request
parameters that enable a client to explicitly signal to an authorization server
: 1. In Authorization Request: the identity of the protected resource to which
it is requesting access and 2. In Access Token Request: where it intends to use
the access token it is requesting

The document is well written and  meets the Operations and Management Review
Checklist - https://tools.ietf.org/html/rfc5706#appendix-A. The proposed
extension does not have a significant operational impact on the network.