[OAUTH-WG] Fwd: New Version Notification for draft-ietf-oauth-incremental-authz-04.txt

William Denniss <wdenniss@google.com> Sun, 03 May 2020 22:57 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/UBj_GmSIbqsgPh1bt-sZXytZkKI>

In this version, I addressed review feedback from Naveen and Aaron, which
resulted in adding some new sections, "Previously Granted Scopes" and
"Handling Scope Reductions", containing some advice for implementors,
and a clarification of the OAuth metadata.

I also defined a new OAuth error code, "overbroad_scope", to have a proper
way for servers to deny requests for this reason (was already defined in
"Preventing Overbroad Authorization Requests", but didn't have a unique
error code defined).

I will be discussing these changes and the document as a whole tomorrow. I
realize this version is posted very close to that meeting, and so I do not
expect anyone to read the changes before my presentation. I will take a
minute then to briefly outline these changes at that time.

Best,
William

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Sun, May 3, 2020 at 3:45 PM
Subject: New Version Notification for
draft-ietf-oauth-incremental-authz-04.txt
To: William Denniss <wdenniss@google.com>



A new version of I-D, draft-ietf-oauth-incremental-authz-04.txt
has been successfully submitted by William Denniss and posted to the
IETF repository.

Name:           draft-ietf-oauth-incremental-authz
Revision:       04
Title:          OAuth 2.0 Incremental Authorization
Document date:  2020-05-03
Group:          oauth
Pages:          11
URL:
https://www.ietf.org/internet-drafts/draft-ietf-oauth-incremental-authz-04.txt
Status:
https://datatracker.ietf.org/doc/draft-ietf-oauth-incremental-authz/
Htmlized:
https://tools.ietf.org/html/draft-ietf-oauth-incremental-authz-04
Htmlized:
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-incremental-authz
Diff:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-incremental-authz-04

Abstract:
   OAuth 2.0 authorization requests that include every scope the client
   might ever need can result in over-scoped authorization and a sub-
   optimal end-user consent experience.  This specification enhances the
   OAuth 2.0 authorization protocol by adding incremental authorization,
   the ability to request specific authorization scopes as needed, when
   they're needed, removing the requirement to request every possible
   scope that might be needed upfront.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat