Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-1-03.txt

Aaron Parecki <aaron@parecki.com> Wed, 08 September 2021 21:23 UTC

From: Aaron Parecki <aaron@parecki.com>
Date: Wed, 08 Sep 2021 14:23:09 -0700
Message-ID: <CAGBSGjoYPf5ySrFn+VC+jubtg+mq86jCz9-aZDFR3i_stQVvAQ@mail.gmail.com>
To: OAuth WG <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/NClgn1sqloP3D6bVjwv14r-WRuY>

Hi all,

The editors have published a new draft of OAuth 2.1.

https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-03.html

Huge thanks to Vittorio Bertocci and Justin Richer for their previous
reviews of the draft; a large portion of the changes in this version are
based on their feedback.

Here is a high level summary of the changes from the previous draft:

* The major change is a refactoring to collect all the grant types under
the same top-level header in section 4:
https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-03.html#name-grant-types
* Better split normative and security consideration text into the
appropriate places, both moving text that was really security
considerations out of the main part of the document, as well as pulling
normative requirements from the security considerations sections into the
appropriate part of the main document
* Incorporated many of the published errata on RFC6749
* Updated references to various RFCs
* Quite a lot of editorial clarifications throughout the document

We will continue to make progress on incorporating the suggestions from
previous reviews, but in the meantime, this was a significant structural
change that warranted publishing a new draft ahead of the upcoming interim
meetings. As always, feedback is greatly appreciated!

Thanks!

---
Aaron Parecki
https://aaronparecki.com
https://oauth2simplified.com



On Wed, Sep 8, 2021 at 2:06 PM <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Web Authorization Protocol WG of the IETF.
>
>         Title           : The OAuth 2.1 Authorization Framework
>         Authors         : Dick Hardt
>                           Aaron Parecki
>                           Torsten Lodderstedt
>         Filename        : draft-ietf-oauth-v2-1-03.txt
>         Pages           : 86
>         Date            : 2021-09-08
>
> Abstract:
>    The OAuth 2.1 authorization framework enables a third-party
>    application to obtain limited access to an HTTP service, either on
>    behalf of a resource owner by orchestrating an approval interaction
>    between the resource owner and an authorization service, or by
>    allowing the third-party application to obtain access on its own
>    behalf.  This specification replaces and obsoletes the OAuth 2.0
>    Authorization Framework described in RFC 6749.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-1/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-03.html
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-v2-1-03
>
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>