[OAUTH-WG] Barry Leiba's No Objection on draft-ietf-oauth-introspection-10: (with COMMENT)

"Barry Leiba" <barryleiba@computer.org> Mon, 22 June 2015 21:52 UTC

Return-Path: <barryleiba@computer.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 9D6CD1AD36B; Mon, 22 Jun 2015 14:52:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 9H1jb8jhYN-r; Mon, 22 Jun 2015 14:52:27 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D221E1AD364; Mon, 22 Jun 2015 14:52:10 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Barry Leiba <barryleiba@computer.org>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.0.3.p3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150622215210.2180.203.idtracker@ietfa.amsl.com>
Date: Mon, 22 Jun 2015 14:52:10 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/MvMNXDjTDLFUNZNripSxhKZGcXE>
Cc: draft-ietf-oauth-introspection@ietf.org, draft-ietf-oauth-introspection.ad@ietf.org, oauth-chairs@ietf.org, draft-ietf-oauth-introspection.shepherd@ietf.org, oauth@ietf.org
Subject: [OAUTH-WG] Barry Leiba's No Objection on draft-ietf-oauth-introspection-10: (with COMMENT)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jun 2015 21:52:29 -0000

Barry Leiba has entered the following ballot position for
draft-ietf-oauth-introspection-10: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


Thanks for addressing my DISCUSS and most of my comments.  The important
comment that still remains is this:

-- Section 3.1 --
I'd REALLY like to see us stop trying to tell IANA how to handle review
by designated experts.  This should be re-cast as instructions to the DE
(to make sure that the mailing list is consulted), and IANA should be
left to handle the expert review with their existing process, which works

While we're at it, it would be nice to have some further instruction to
the DEs about what they should be looking at when deciding whether to
approve a request.  There's some very minimal instruction under "name" in
the template, but that's all.  Is there nothing more to say?

For the spop document, I suggested the text change below.  Something
similar for this document would be great:

For the spop document, not this one!:
<most of Section 6.2>

   Additional code_challenge_method types for use with the authorization
   endpoint are registered using the Specification Required policy
   [RFC5226], which includes review of the request by one or more
   Designated Experts.  The DEs will ensure there is at least a two-week
   review of the request on the oauth-ext-review@ietf.org mailing list,
   and that any discussion on that list converges before they respond to
   the request.  To allow for the allocation of values prior to
   publication, the Designated Expert(s) may approve registration once
   they are satisfied that an acceptable specification will be

   Discussion on the oauth-ext-review@ietf.org mailing list should use
   an appropriate subject, such as "Request for PKCE
   code_challenge_method: example").

   The Designated Expert(s) should consider the discussion on the
   mailing list, as well as <<these other things>> when evaluating
   registration requests.  Denials should include an explanation
   and, if applicable, suggestions as to how to make the request