Re: [OAUTH-WG] Francesca Palombini's Discuss on draft-ietf-oauth-iss-auth-resp-03: (with DISCUSS)

Brian Campbell <bcampbell@pingidentity.com> Tue, 30 November 2021 18:32 UTC

I strongly believe the use of 'iss' as the parameter name here is correct
and appropriate. This draft isn't using it for something different - the
parameter carries an identifier for the sender of the message, which is
consistent in the context of use with the existing registry entry.

Codifying the parameter name is central to the value of this draft and
there are existing implementations/deployments using it. Changing the name
now would be a breaking change with significant ramifications on
interoperability.

The organization of the registry is arguably less than ideal, yes. But that
shouldn't force an unnecessary and costly change onto this simple draft
that's addressing a real need. This draft should update the existing entry
for 'iss' rather than replace it.

On Mon, Nov 29, 2021 at 2:21 PM Francesca Palombini via Datatracker <
noreply@ietf.org> wrote:

> Francesca Palombini has entered the following ballot position for
> draft-ietf-oauth-iss-auth-resp-03: Discuss
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-iss-auth-resp/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> Thank you for the work on this document.
>
> Many thanks to Julian Reschke for the ART ART review:
> https://mailarchive.ietf.org/arch/msg/art/XfLbtK1eLb7s0Z6e_AqGgkoWny0/.
>
> I have one DISCUSS point that has to do with IANA considerations, and is
> hopefully easy to resolve.
>
> Francesca
>
> 1. -----
>
> FP: I am sure the Designated Expert will bring this up, but "iss" is already
> defined as an OAuth Parameter, for authorization requests. I don't think it's a
> good idea to use the same parameter name, although in a different message of
> the exchange, for something different, as the registration defined in Section
> 5.2 seems to imply. I strongly recommend to change the name in this document.
> Or, if we can agree that the meaning is similar enough to the original "iss",
> merge the two IANA registrations (this would not be my preferred choice).
>