[OAUTH-WG] OAuth 2.1-03 - WG adoption?

Dick Hardt <dick.hardt@gmail.com> Mon, 06 July 2020 16:44 UTC

From: Dick Hardt <dick.hardt@gmail.com>
Date: Mon, 6 Jul 2020 09:43:50 -0700
Message-ID: <CAD9ie-uOiy92_68YzLajEDr4kjoKwvmn1aQiz6_=HojpbWYtPA@mail.gmail.com>
To: oauth@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/O_i_qaT5bYJT4itn3Ks3Siat-X4>
Subject: [OAUTH-WG] OAuth 2.1-03 - WG adoption?

Aaron, Torsten, and I -- with some help from Daniel -- have created a new
version of draft-parecki-oauth-v2-1. I think we are ready for a WG adoption
call (assuming the updated charter).

Here is the doc:

https://tools.ietf.org/html/draft-parecki-oauth-v2-1-03

Here is a link to the diff from -02:

https://tools.ietf.org/rfcdiff?url2=draft-parecki-oauth-v2-1-03.txt

This version incorporates feedback from the WG, as well as editorial
changes to improve readability. Highlights:

- Appendix of current known extensions, and references to the Appendix so
that readers become aware of related work.

- defined new client type - credentialed clients - a client that has
credentials, but the AS has not confirmed the identity of the client.
Confidential clients have had their identity confirmed by the AS. We talked
about changing the names of confidential and public, but thought that would
be confusing. This new definition cleans up the text substantially.

- consistent use of redirect URI rather than mixing in redirect endpoint
URI and redirect endpoint.

- adopted new language on when PKCE is required.

- removed IANA section (nothing new is in 2.1)

/ Dick