Re: [OAUTH-WG] Francesca Palombini's Discuss on draft-ietf-oauth-iss-auth-resp-03: (with DISCUSS)

Daniel Fett <fett@danielfett.de> Thu, 02 December 2021 12:22 UTC

To: Francesca Palombini <francesca.palombini=40ericsson.com@dmarc.ietf.org>, Brian Campbell <bcampbell@pingidentity.com>, Warren Parad <wparad@rhosys.ch>
Cc: "draft-ietf-oauth-iss-auth-resp@ietf.org" <draft-ietf-oauth-iss-auth-resp@ietf.org>, "oauth-chairs@ietf.org" <oauth-chairs@ietf.org>, The IESG <iesg@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/_TGNv0-yBhS6VdAkzQ93ZHxbQRc>

Hi Francesca, Warren, Brian,

we have modified the IANA Considerations section in the just uploaded
version -04 according to your feedback.

-Daniel

On 30.11.21 at 19:42, Francesca Palombini wrote:
>
> Hi Warren, Brian,
>
> Thanks for your feedback, and for confirming that the semantics of the
> existing “iss” match those of the draft. In that case, I agree with
> you that the best resolution is to merge the two (so – update the
> existing registration so that it also points to this document, and
> indicates it can also appear in the authorization response).
>
> I’ll remove my DISCUSS when the IANA update is done.
>
> Thanks,
> Francesca
>
> From: Brian Campbell <bcampbell@pingidentity.com>
> Date: Tuesday, 30 November 2021 at 19:32
> To: Francesca Palombini <francesca.palombini@ericsson.com>
> Cc: The IESG <iesg@ietf.org>, oauth@ietf.org,
> draft-ietf-oauth-iss-auth-resp@ietf.org, oauth-chairs@ietf.org
> Subject: Re: [OAUTH-WG] Francesca Palombini's Discuss on
> draft-ietf-oauth-iss-auth-resp-03: (with DISCUSS)
>
> I strongly believe the use of 'iss' as the parameter name here is
> correct and appropriate. This draft isn't using it for something
> different - the parameter carries an identifier for the sender of the
> message, which is consistent in the context of use with the existing
> registry entry.
>
> Codifying the parameter name is central to the value of this draft and
> there are existing implementations/deployments using it. Changing the
> name now would be a breaking change with significant ramifications on
> interoperability.
>
> The organization of the registry is arguably less than ideal, yes. But
> that shouldn't force an unnecessary and costly change onto this simple
> draft that's addressing a real need. This draft should update the
> existing entry for 'iss' rather than replace it.
>
> On Mon, Nov 29, 2021 at 2:21 PM Francesca Palombini via Datatracker
> <noreply@ietf.org> wrote:
>
>     Francesca Palombini has entered the following ballot position for
>     draft-ietf-oauth-iss-auth-resp-03: Discuss
>
>     When responding, please keep the subject line intact and reply to all
>     email addresses included in the To and CC lines. (Feel free to cut this
>     introductory paragraph, however.)
>
>     Please refer to
>     https://www.ietf.org/blog/handling-iesg-ballot-positions/
>     for more information about how to handle DISCUSS and COMMENT positions.
>
>     The document, along with other ballot positions, can be found here:
>     https://datatracker.ietf.org/doc/draft-ietf-oauth-iss-auth-resp/
>
>
>
>     ----------------------------------------------------------------------
>     DISCUSS:
>     ----------------------------------------------------------------------
>
>     Thank you for the work on this document.
>
>     Many thanks to Julian Reschke for the ART ART review:
>     https://mailarchive.ietf.org/arch/msg/art/XfLbtK1eLb7s0Z6e_AqGgkoWny0/.
>
>     I have one DISCUSS point that has to do with IANA considerations, and is
>     hopefully easy to resolve.
>
>     Francesca
>
>     1. -----
>
>     FP: I am sure the Designated Expert will bring this up, but "iss" is already
>     defined as an OAuth Parameter, for authorization requests. I don't think it's a
>     good idea to use the same parameter name, although in a different message of
>     the exchange, for something different, as the registration defined in Section
>     5.2 seems to imply. I strongly recommend to change the name in this document.
>     Or, if we can agree that the meaning is similar enough to the original "iss",
>     merge the two IANA registrations (this would not be my preferred choice).
>
>     _______________________________________________
>     OAuth mailing list
>     OAuth@ietf.org
>     https://www.ietf.org/mailman/listinfo/oauth
>
>


-- 
https://danielfett.de