Re: [OAUTH-WG] WGLC on Pushed Authorization Requests draft

Joseph Heenan <joseph@authlete.com> Thu, 13 August 2020 00:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/bk7M1cufsuCsxDCV9kNxM23pHzE>

Thanks Rifaat, Hannes, and also thanks to all the authors.

I’ve been through the latest spec and it basically looks great to me; I raised 3 minor niggles under https://github.com/oauthstuff/draft-oauth-par/issues

https://github.com/oauthstuff/draft-oauth-par/issues/59 - possible ambiguity in the text around error responses from new endpoint

https://github.com/oauthstuff/draft-oauth-par/issues/62 & https://github.com/oauthstuff/draft-oauth-par/issues/63 - minor typographical points


For info, Authlete has at least one deployed implementation of this spec.

Authlete has also assisted in getting tests for PAR added to the OpenID Foundation FAPI Certification test suite for Authorization Servers, and (although there are still a few niggles in the tests to work out) the tests seem to interoperate with Authlete, Filip’s node-oidc-provider and a Ping implementation fine. (Many thanks to Filip & Ping for testing them! If anyone else would like to try them, please let me know.)

Thanks

Joseph

> 
> On 11 Aug 2020, at 23:07, Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com> wrote:
> 
> All,
> 
> This is a WGLC on the Pushed Authorization Requests document:
> https://www.ietf.org/id/draft-ietf-oauth-par-03.html
> 
> Please, take a look and provide feedback on the list by August 25th.
> 
> Regards,
>  Rifaat & Hannes
> 