Re: [OAUTH-WG] OAuth Digest, Vol 181, Issue 55
Hethm Almamoon <almamoonhethm@gmail.com> Wed, 29 November 2023 20:08 UTC
From: Hethm Almamoon <almamoonhethm@gmail.com>
Date: Wed, 29 Nov 2023 23:08:01 +0300
Message-ID: <CAGGEAETkSizY66izr-DjDXd0ZeMZORgvgyfu22hbmcYbrgU0pw@mail.gmail.com>
To: oauth@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Vos9oNL0bfb2sStrXAtvcm1UF1s>
Subject: Re: [OAUTH-WG] OAuth Digest, Vol 181, Issue 55

Thank you from the bottom of my heart. I ask you to recover the money that was withdrawn to this address. This is the hackers' address: 0x9696f59E4d72E237BE84fFD425DCaD154Bf96976

On Wed, 29 November 2023 at 10:12 PM, <oauth-request@ietf.org> wrote:

> Send OAuth mailing list submissions to
>         oauth@ietf.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://www.ietf.org/mailman/listinfo/oauth
> or, via email, send a message with subject or body 'help' to
>         oauth-request@ietf.org
>
> You can reach the person managing the list at
>         oauth-owner@ietf.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OAuth digest..."
>
>
> Today's Topics:
>
>    1. I-D Action: draft-ietf-oauth-transaction-tokens-00.txt
>       (internet-drafts@ietf.org)
>    2. Re: [Editorial Errata Reported] RFC6749 (7715) (Brian Campbell)
>    3. Re: [Editorial Errata Reported] RFC6749 (7716) (Brian Campbell)
>    4. Re: [Editorial Errata Reported] RFC6749 (7715)
>       (Rebecca VanRheenen)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 29 Nov 2023 10:12:44 -0800
> From: internet-drafts@ietf.org
> To: <i-d-announce@ietf.org>
> Cc: oauth@ietf.org
> Subject: [OAUTH-WG] I-D Action:
>         draft-ietf-oauth-transaction-tokens-00.txt
> Message-ID: <170128156401.30455.17043866146370716999@ietfa.amsl.com>
> Content-Type: text/plain; charset="utf-8"
>
> Internet-Draft draft-ietf-oauth-transaction-tokens-00.txt is now available. It
> is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF.
>
>    Title:   Transaction Tokens
>    Authors: Atul Tulshibagwale
>             George Fletcher
>             Pieter Kasselman
>    Name:    draft-ietf-oauth-transaction-tokens-00.txt
>    Pages:   19
>    Dates:   2023-11-29
>
> Abstract:
>
>    Transaction Tokens (Txn-Tokens) enable workloads in a trusted domain
>    to ensure that user identity and authorization context of an external
>    programmatic request, such as an API invocation, are preserved and
>    available to all workloads that are invoked as part of processing
>    such a request. Txn-Tokens also enable workloads within the trusted
>    domain to optionally immutably assert to downstream workloads that
>    they were invoked in the call chain of the request.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-transaction-tokens/
>
> There is also an HTMLized version available at:
>
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-transaction-tokens-00
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 29 Nov 2023 11:35:54 -0700
> From: Brian Campbell <bcampbell@pingidentity.com>
> To: Aaron Parecki <aaron=40parecki.com@dmarc.ietf.org>
> Cc: RFC Errata System <rfc-editor@rfc-editor.org>,
>         hello@alexwilson.io, oauth@ietf.org
> Subject: Re: [OAUTH-WG] [Editorial Errata Reported] RFC6749 (7715)
> Message-ID:
>         <CA+k3eCRagYgHaKH8uNJ=
>         iJ3jtK4zHmNSf9orzgC15LpruSJ1Jw@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Agree with Aaron that this errata should be rejected.
>
> On Wed, Nov 29, 2023 at 10:57 AM Aaron Parecki <aaron=40parecki.com@dmarc.ietf.org> wrote:
>
> > This errata should be rejected, as section 4.2.2.1 is about the implicit
> > flow, which returns parameters in the fragment part of the URL, not query
> > parameters.
> >
> >
> > On Wed, Nov 29, 2023 at 11:51 AM RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> >
> >> The following errata report has been submitted for RFC6749,
> >> "The OAuth 2.0 Authorization Framework".
> >>
> >> --------------------------------------
> >> You may review the report below and at:
> >> https://www.rfc-editor.org/errata/eid7715
> >>
> >> --------------------------------------
> >> Type: Editorial
> >> Reported by: Alex Wilson <hello@alexwilson.io>
> >>
> >> Section: 4.2.2.1
> >>
> >> Original Text
> >> -------------
> >>
> >> HTTP/1.1 302 Found
> >> Location: https://client.example.com/cb#error=access_denied&state=xyz
> >>
> >> Corrected Text
> >> --------------
> >>
> >> HTTP/1.1 302 Found
> >> Location: https://client.example.com/cb?error=access_denied&state=xyz
> >>
> >> Notes
> >> -----
> >> For query parameters, the hash should be a question mark.
> >>
> >> Instructions:
> >> -------------
> >> This erratum is currently posted as "Reported". (If it is spam, it
> >> will be removed shortly by the RFC Production Center.) Please
> >> use "Reply All" to discuss whether it should be verified or
> >> rejected. When a decision is reached, the verifying party
> >> will log in to change the status and edit the report, if necessary.
> >>
> >> --------------------------------------
> >> RFC6749 (draft-ietf-oauth-v2-31)
> >> --------------------------------------
> >> Title : The OAuth 2.0 Authorization Framework
> >> Publication Date : October 2012
> >> Author(s) : D. Hardt, Ed.
> >> Category : PROPOSED STANDARD
> >> Source : Web Authorization Protocol
> >> Area : Security
> >> Stream : IETF
> >> Verifying Party : IESG
> >>
> >> _______________________________________________
> >> OAuth mailing list
> >> OAuth@ietf.org
> >> https://www.ietf.org/mailman/listinfo/oauth
> >>
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
> >
>
> --
> _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
> material for the sole use of the intended recipient(s). Any review, use,
> distribution or disclosure by others is strictly prohibited. If you have
> received this communication in error, please notify the sender immediately
> by e-mail and delete the message and any file attachments from your
> computer. Thank you._
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://mailarchive.ietf.org/arch/browse/oauth/attachments/20231129/97b4ee79/attachment.htm>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 29 Nov 2023 11:41:17 -0700
> From: Brian Campbell <bcampbell@pingidentity.com>
> To: RFC Errata System <rfc-editor@rfc-editor.org>
> Cc: hello@alexwilson.io, oauth@ietf.org
> Subject: Re: [OAUTH-WG] [Editorial Errata Reported] RFC6749 (7716)
> Message-ID:
>         <CA+k3eCSV3B-KMePQtRKvO1=
>         NsK074TZz+EGq_BWt-sR374DKuw@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> This errata should also be rejected for reasons similar to
> https://www.rfc-editor.org/errata/eid7715 - section 4.2.2 is about the
> implicit flow, which returns parameters in the fragment part of the URL,
> not query parameters. And that kind of consistency of hostname values in
> examples does not warrant an errata.
>
>
> On Wed, Nov 29, 2023 at 9:56 AM RFC Errata System <rfc-editor@rfc-editor.org>
> wrote:
>
> > The following errata report has been submitted for RFC6749,
> > "The OAuth 2.0 Authorization Framework".
> >
> > --------------------------------------
> > You may review the report below and at:
> > https://www.rfc-editor.org/errata/eid7716
> >
> > --------------------------------------
> > Type: Editorial
> > Reported by: Alex Wilson <hello@alexwilson.io>
> >
> > Section: 4.2.2
> >
> > Original Text
> > -------------
> > For example, the authorization server redirects the user-agent by
> > sending the following HTTP response (with extra line breaks for
> > display purposes only):
> >
> > HTTP/1.1 302 Found
> > Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA
> > &state=xyz&token_type=example&expires_in=3600
> >
> >
> > Corrected Text
> > --------------
> > For example, the authorization server redirects the user-agent by
> > sending the following HTTP response (with extra line breaks for
> > display purposes only):
> >
> > HTTP/1.1 302 Found
> > Location:
> > http://client.example.com/cb?access_token=2YotnFZFEjr1zCsicMWpAA
> > &state=xyz&token_type=example&expires_in=3600
> >
> >
> > Notes
> > -----
> > - Host example.com should be client.example.com to be consistent with
> > other examples.
> > - A hash is used for the query parameters when a question mark should have
> > been used.
> >
> > Instructions:
> > -------------
> > This erratum is currently posted as "Reported". (If it is spam, it
> > will be removed shortly by the RFC Production Center.) Please
> > use "Reply All" to discuss whether it should be verified or
> > rejected. When a decision is reached, the verifying party
> > will log in to change the status and edit the report, if necessary.
> >
> > --------------------------------------
> > RFC6749 (draft-ietf-oauth-v2-31)
> > --------------------------------------
> > Title : The OAuth 2.0 Authorization Framework
> > Publication Date : October 2012
> > Author(s) : D. Hardt, Ed.
> > Category : PROPOSED STANDARD
> > Source : Web Authorization Protocol
> > Area : Security
> > Stream : IETF
> > Verifying Party : IESG
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
> >
>
> --
> _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
> material for the sole use of the intended recipient(s). Any review, use,
> distribution or disclosure by others is strictly prohibited. If you have
> received this communication in error, please notify the sender immediately
> by e-mail and delete the message and any file attachments from your
> computer. Thank you._
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://mailarchive.ietf.org/arch/browse/oauth/attachments/20231129/dbb1076d/attachment.htm>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 29 Nov 2023 11:12:16 -0800
> From: Rebecca VanRheenen <rvanrheenen@amsl.com>
> To: Roman Danyliw <rdd@cert.org>
> Cc: hello@alexwilson.io, dick.hardt@gmail.com, oauth@ietf.org, RFC
>         Editor <rfc-editor@rfc-editor.org>
> Subject: Re: [OAUTH-WG] [Editorial Errata Reported] RFC6749 (7715)
> Message-ID: <0E8810F4-55E6-42BD-A170-392D2F0742BC@amsl.com>
> Content-Type: text/plain; charset=utf-8
>
> Hi Roman,
>
> We are unable to verify this erratum that the submitter marked as
> editorial. Please note that we have changed the "Type" of the following
> errata report to "Technical". As Stream Approver, please review and set
> the Status and Type accordingly (see the definitions at
> https://www.rfc-editor.org/errata-definitions/).
>
> You may review the report at:
> https://www.rfc-editor.org/errata/eid7715
>
> Please see https://www.rfc-editor.org/how-to-verify/ for further
> information on how to verify errata reports.
>
> Further information on errata can be found at:
> https://www.rfc-editor.org/errata.php
>
> Thank you.
>
> RFC Editor/rv
>
>
>
> > On Nov 29, 2023, at 8:51 AM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> >
> > The following errata report has been submitted for RFC6749,
> > "The OAuth 2.0 Authorization Framework".
> >
> > --------------------------------------
> > You may review the report below and at:
> > https://www.rfc-editor.org/errata/eid7715
> >
> > --------------------------------------
> > Type: Editorial
> > Reported by: Alex Wilson <hello@alexwilson.io>
> >
> > Section: 4.2.2.1
> >
> > Original Text
> > -------------
> >
> > HTTP/1.1 302 Found
> > Location: https://client.example.com/cb#error=access_denied&state=xyz
> >
> > Corrected Text
> > --------------
> >
> > HTTP/1.1 302 Found
> > Location: https://client.example.com/cb?error=access_denied&state=xyz
> >
> > Notes
> > -----
> > For query parameters, the hash should be a question mark.
> >
> > Instructions:
> > -------------
> > This erratum is currently posted as "Reported". (If it is spam, it
> > will be removed shortly by the RFC Production Center.) Please
> > use "Reply All" to discuss whether it should be verified or
> > rejected. When a decision is reached, the verifying party
> > will log in to change the status and edit the report, if necessary.
> >
> > --------------------------------------
> > RFC6749 (draft-ietf-oauth-v2-31)
> > --------------------------------------
> > Title : The OAuth 2.0 Authorization Framework
> > Publication Date : October 2012
> > Author(s) : D. Hardt, Ed.
> > Category : PROPOSED STANDARD
> > Source : Web Authorization Protocol
> > Area : Security
> > Stream : IETF
> > Verifying Party : IESG
> >
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
> ------------------------------
>
> End of OAuth Digest, Vol 181, Issue 55
> **************************************
>
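
The replies quoted in the digest reject errata 7715 and 7716 because the implicit flow returns its parameters in the URI fragment, not the query. The following is an added example, not part of the message or of RFC 6749, that parses the URIs quoted in those errata on the client side and shows what part of each URI reaches the server; `parseImplicitRedirect`, its result fields, and the decision to reject response parameters found in the query are assumptions of this example.

```javascript
// Added example (not from the thread). Names and result fields are assumptions.
// Parses an RFC 6749 implicit-grant redirect URI on the client side.
const RESPONSE_PARAMS = ["access_token", "token_type", "expires_in", "error", "state"];

function parseImplicitRedirect(location, expectedState) {
  const url = new URL(location);
  // Implicit-flow response parameters are form-encoded after '#'.
  const fragment = new URLSearchParams(url.hash.slice(1));
  // A user-agent does not send the fragment in the HTTP request, so this is
  // all that the server hosting the redirect URI would see and log.
  const requestTarget = url.pathname + url.search;

  // Assumption of this example: response parameters found in the query are
  // treated as a malformed response rather than silently accepted.
  const misplaced = RESPONSE_PARAMS.filter((name) => url.searchParams.has(name));
  if (misplaced.length > 0) {
    return { ok: false, reason: "response parameters in query: " + misplaced.join(","), requestTarget };
  }
  // Check state before acting on anything else in the response.
  if (fragment.get("state") !== expectedState) {
    return { ok: false, reason: "state mismatch", requestTarget };
  }
  if (fragment.has("error")) {
    return { ok: false, reason: "authorization error: " + fragment.get("error"), requestTarget };
  }
  if (!fragment.has("access_token") || !fragment.has("token_type")) {
    return { ok: false, reason: "missing access_token or token_type", requestTarget };
  }
  return {
    ok: true,
    accessToken: fragment.get("access_token"),
    tokenType: fragment.get("token_type"),
    expiresIn: fragment.has("expires_in") ? Number(fragment.get("expires_in")) : null,
    requestTarget,
  };
}

// URIs quoted in errata 7715 and 7716 (display line breaks removed).
const SAMPLES = {
  errorInFragment: "https://client.example.com/cb#error=access_denied&state=xyz",
  errorInQuery: "https://client.example.com/cb?error=access_denied&state=xyz",
  tokenInFragment:
    "http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA&state=xyz&token_type=example&expires_in=3600",
};

for (const [name, uri] of Object.entries(SAMPLES)) {
  console.log(name, parseImplicitRedirect(uri, "xyz"));
}
```

With the fragment form the request target is just `/cb`; with the query form proposed in the errata the whole parameter string becomes part of the request the server receives.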