[OAUTH-WG] Barry Leiba's No Objection on draft-ietf-oauth-introspection-10: (with COMMENT)
"Barry Leiba" <barryleiba@computer.org> Mon, 22 June 2015 21:52 UTC
Return-Path: <barryleiba@computer.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D6CD1AD36B; Mon, 22 Jun 2015 14:52:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9H1jb8jhYN-r; Mon, 22 Jun 2015 14:52:27 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D221E1AD364; Mon, 22 Jun 2015 14:52:10 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Barry Leiba <barryleiba@computer.org>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.0.3.p3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150622215210.2180.203.idtracker@ietfa.amsl.com>
Date: Mon, 22 Jun 2015 14:52:10 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/MvMNXDjTDLFUNZNripSxhKZGcXE>
Cc: draft-ietf-oauth-introspection@ietf.org, draft-ietf-oauth-introspection.ad@ietf.org, oauth-chairs@ietf.org, draft-ietf-oauth-introspection.shepherd@ietf.org, oauth@ietf.org
Subject: [OAUTH-WG] Barry Leiba's No Objection on draft-ietf-oauth-introspection-10: (with COMMENT)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jun 2015 21:52:29 -0000
Barry Leiba has entered the following ballot position for draft-ietf-oauth-introspection-10: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-oauth-introspection/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for addressing my DISCUSS and most of my comments. The important comment that still remains is this: -- Section 3.1 -- I'd REALLY like to see us stop trying to tell IANA how to handle review by designated experts. This should be re-cast as instructions to the DE (to make sure that the mailing list is consulted), and IANA should be left to handle the expert review with their existing process, which works fine. While we're at it, it would be nice to have some further instruction to the DEs about what they should be looking at when deciding whether to approve a request. There's some very minimal instruction under "name" in the template, but that's all. Is there nothing more to say? For the spop document, I suggested the text change below. Something similar for this document would be great: For the spop document, not this one!: OLD <most of Section 6.2> NEW Additional code_challenge_method types for use with the authorization endpoint are registered using the Specification Required policy [RFC5226], which includes review of the request by one or more Designated Experts. The DEs will ensure there is at least a two-week review of the request on the oauth-ext-review@ietf.org mailing list, and that any discussion on that list converges before they respond to the request. To allow for the allocation of values prior to publication, the Designated Expert(s) may approve registration once they are satisfied that an acceptable specification will be published. Discussion on the oauth-ext-review@ietf.org mailing list should use an appropriate subject, such as "Request for PKCE code_challenge_method: example"). The Designated Expert(s) should consider the discussion on the mailing list, as well as <<these other things>> when evaluating registration requests. Denials should include an explanation and, if applicable, suggestions as to how to make the request successful. END