Re: [OAUTH-WG] Reviewing draft-ietf-oauth-v2-21

Phillip Hunt <phil.hunt@oracle.com> Fri, 16 September 2011 19:49 UTC

From: Phillip Hunt <phil.hunt@oracle.com>
Date: Fri, 16 Sep 2011 12:51:06 -0700
To: Torsten Lodderstedt <torsten@lodderstedt.net>
Cc: Barry Leiba <barryleiba@computer.org>, oauth WG <oauth@ietf.org>

Agreed. 

Phil

On 2011-09-16, at 12:08, Torsten Lodderstedt <torsten@lodderstedt.net> wrote:

> I reviewed the diffs and it looks ok.
> 
> regards,
> Torsten.
> 
> On 07.09.2011 17:59, Barry Leiba wrote:
>> As you've all probably seen, Eran has posted version 21 of the OAuth
>> base spec, in which he believes he's addressed all comments and issues
>> that came up in the review of version 20.  We should be ready to send
>> this to the IESG.
>> 
>> Everyone who had comments or issues, please review -21 and make sure
>> that your concerns have been handled to your satisfaction (or that
>> there was no consensus to make a change).  And we encourage everyone
>> to review the changes from -20 to -21, to make sure Eran didn't
>> inadvertently break anything along the way.
>> 
>> The -21 is here:  http://tools.ietf.org/html/draft-ietf-oauth-v2-21
>> And diffs from -20 can be found here:
>> http://tools.ietf.org/rfcdiff?url2=draft-ietf-oauth-v2-21.txt
>> 
>> We'll give it until the end of next week, while I work on the shepherd
>> writeup.  Comments, please, by 16 September.  A few affirmative notes
>> saying, "Yes, I reviewed it and it looks good," will also be helpful.
>> Keep in mind, as you review, that pet changes are out of scope at this
>> point.  We're just reviewing -21 to make sure (1) it doesn't break
>> anything from -20, and (2) it isn't missing anything that was brought
>> up in WGLC.  New issues will have to be very serious, indeed, in order
>> to be considered now.
>> 
>> Also, a note on the thread that Mike Thomas started about the OAuth
>> problem statement and threats:
>> I did encourage him to start the discussion, and I think it can be a
>> useful conversation.  I do NOT think it will or should result in a
>> change to the base spec, but it might feed into the threat model
>> document (draft-ietf-oauth-v2-threatmodel), as Torsten, et al, move
>> that toward completion.  Remember that the base spec encourages
>> readers to refer to the threat model document for more detailed
>> descriptions of threats and attacks.
>> 
>> Barry, as chair
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth