[OAUTH-WG] John Scudder's No Objection on draft-ietf-oauth-resource-metadata-11: (with COMMENT)

John Scudder via Datatracker <noreply@ietf.org> Thu, 03 October 2024 00:34 UTC

To: The IESG <iesg@ietf.org>
CC: draft-ietf-oauth-resource-metadata@ietf.org, oauth-chairs@ietf.org, oauth@ietf.org
Reply-To: John Scudder <jgs@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/UXtbyXqk37LMuJW4Yj0EvQSVmLA>

John Scudder has entered the following ballot position for
draft-ietf-oauth-resource-metadata-11: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-metadata/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for the well-written document. I have a couple of comments —

- Section 1 “This use of WWW-Authenticate can indicate that the protected
resource metadata MAY have changed.” That’s a misuse of the RFC 2119 MAY. You
aren’t specifying procedure here, so you should be using lowercase “may”. This
recurs in Section 5.2, “its metadata MAY have changed”.

- In Section 8, you say the registration policy is Specification Required, but
then you go on to say “However, to allow for the allocation of values prior to
publication, the Designated Experts may approve registration once they are
satisfied that such a specification will be published.” As far as I can tell,
that is not compatible with the plain language of the policy called
“Specification Required” as described in RFC 8126. I also wonder how the
experts could possibly do a proper review if all they have to look at is an IOU
for a specification.