Re: [OAUTH-WG] WGLC on Pushed Authorization Requests draft
Brian Campbell <bcampbell@pingidentity.com> Wed, 19 August 2020 19:23 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Vti1hc_pzvnaHlMomB7ORiMyvmQ>
Thanks for the review, Karsten. We'll incorporate your suggestions into the next revision of the draft.

On Wed, Aug 19, 2020 at 3:41 AM Karsten Meyer zu Selhausen <karsten.meyerzuselhausen@hackmanit.de> wrote:

> Hi all,
>
> I have two very small suggestions which I also raised as issues on Github:
>
> 1. There are no hints in front of example requests/responses if extra line breaks are used for display purposes. I think hints such as "(with extra line breaks for display purposes only)" should be added to the examples. (#64 <https://github.com/oauthstuff/draft-oauth-par/issues/64>)
> 2. In section 3 there is a typo in step 2. I think it should be "*Validate* the request object signature as specified in JAR [I-D.ietf-oauth-jwsreq], section 6.2." instead of "*Validates* the ...". The imperative is used in step 1, as well. (#65 <https://github.com/oauthstuff/draft-oauth-par/issues/65>)
>
> Best regards;
> Karsten
>
> On 12.08.2020 00:07, Rifaat Shekh-Yusef wrote:
>
> All,
>
> This is a WGLC on the *Pushed Authorization Requests* document:
> https://www.ietf.org/id/draft-ietf-oauth-par-03.html
>
> Please, take a look and provide feedback on the list by *August 25th.*
>
> Regards,
> Rifaat & Hannes
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
> --
> Karsten Meyer zu Selhausen
> IT Security Consultant
> Phone: +49 (0)234 / 54456499
> Web: https://hackmanit.de | IT Security Consulting, Penetration Testing, Security Training
>
> Our next live online training on the security of OAuth and OpenID Connect on 24.09 + 25.09: https://hackmanit.de/de/schulungen/109-live-online-schulung-single-sign-on-sicherheit-oauth-openid-connect-am-24-und-25-09-2020
>
> Hackmanit GmbH
> Universitätsstraße 60 (Exzenterhaus)
> 44789 Bochum
>
> Register court: Amtsgericht Bochum, HRB 14896
> Managing directors: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr. Christian Mainka, Dr. Marcus Niemietz