Re: [OAUTH-WG] Francesca Palombini's Discuss on draft-ietf-oauth-iss-auth-resp-03: (with DISCUSS)
Warren Parad <wparad@rhosys.ch> Tue, 30 November 2021 10:33 UTC
Return-Path: <wparad@rhosys.ch>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E0643A11F3 for <oauth@ietfa.amsl.com>; Tue, 30 Nov 2021 02:33:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.088
X-Spam-Level:
X-Spam-Status: No, score=-2.088 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rhosys.ch
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Eaer2fBJtxEm for <oauth@ietfa.amsl.com>; Tue, 30 Nov 2021 02:33:28 -0800 (PST)
Received: from mail-yb1-xb2e.google.com (mail-yb1-xb2e.google.com [IPv6:2607:f8b0:4864:20::b2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D96223A11ED for <oauth@ietf.org>; Tue, 30 Nov 2021 02:33:27 -0800 (PST)
Received: by mail-yb1-xb2e.google.com with SMTP id g17so51097255ybe.13 for <oauth@ietf.org>; Tue, 30 Nov 2021 02:33:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rhosys.ch; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qjykwBuxZZcLc5Ioncg6VyqWyXMrpHXTTE3pEj86yWI=; b=hfX54yJleqsvYLpfA1JZAT5/mPzi29xqS329S7FZMRaQ1uAMRS5YXmYz65/EWH6rh3 D4VbJaQcJv2Kj9EkFzbzrDnp+8q3mSB2cdgHCsCy5IGJLxFBDlgC8z83fEXmXa3mmViQ jeR3+foPK4K4u94D6OWf7KPirHxFif4kJle961kSkIz3JjuMrWXDnRxWdetDSrXkRhAY Kzk4aeT8BKrd7eUTQfe9XZA5SgyUzWcgJUvG++ey62OWKPQqsAWyeAa8qw4bvQW3yXVL 0dNUeEIv915BIisTZsvoo6YRLIbrNWqiAZcaC63wwKZwF3YP1R5gBjyh360bkzRgeWcX UOnw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qjykwBuxZZcLc5Ioncg6VyqWyXMrpHXTTE3pEj86yWI=; b=DuhY/sBDmldng8Lhfy2rGoLk4tcnUCMrm16crL3IIL2gnniGHTURtkqKfuJgMr3dB6 EIQS+t7Bse2oEaCxpHbSiIfomspJ1ZAe1sXhajXFlVh82yI7BepnNn6VDh9B3wzK5adl NiO6IlIVbyBRc4pt23cODv2udJQ2dMt8xbyk3xY3cYwlH1A9uAaEjn45zL1sd7SgR2T/ 2drbb7A/AuJ1U31DAkOf8ojsYZl6q+rBDaaV6gIzuRRTECZrkkuqBFDeyQfWnrcpDGv5 o6MeOMeDs9VWHlRfNW33lD3eN7XyTfgtJhSvLMnJlfa9tTADzGrzoz6px5GFRlH9kGJ+ DFDg==
X-Gm-Message-State: AOAM530uDu9hNaTNFs7zk7DIuDGulc+bhBYVWgvCplQXbfQfZ51kMYZm sKkOEXJa6xa1xqxOWNL4X4fDq38CfOeihAUiwHjE
X-Google-Smtp-Source: ABdhPJzHKCffRoff1V5C4/l0kbMTdXaW42vwpLvTcE6ibNb1u+CITi08zosUmAtFtAgWSedAMNrsQQFXF9N85bIKBCY=
X-Received: by 2002:a25:2304:: with SMTP id j4mr40340571ybj.359.1638268406006; Tue, 30 Nov 2021 02:33:26 -0800 (PST)
MIME-Version: 1.0
References: <163822088838.18976.10538179060671617456@ietfa.amsl.com>
In-Reply-To: <163822088838.18976.10538179060671617456@ietfa.amsl.com>
From: Warren Parad <wparad@rhosys.ch>
Date: Tue, 30 Nov 2021 11:33:15 +0100
Message-ID: <CAJot-L1c0=-BoqE56OBaYWv_DqWuZntp7Qbm8-UYmC6-qcyMHw@mail.gmail.com>
To: Francesca Palombini <francesca.palombini@ericsson.com>
Cc: The IESG <iesg@ietf.org>, oauth <oauth@ietf.org>, draft-ietf-oauth-iss-auth-resp@ietf.org, oauth-chairs@ietf.org
Content-Type: multipart/alternative; boundary="000000000000631f2d05d1ff162c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/dHCsiusaItWWqg944Qiv3N-bBiI>
Subject: Re: [OAUTH-WG] Francesca Palombini's Discuss on draft-ietf-oauth-iss-auth-resp-03: (with DISCUSS)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Nov 2021 10:33:34 -0000
The use of *iss* is correct here, and while it could be changed it isn't clear why it should be. Given the current parameter registry format, it should be merged. I think the source of the issue is that the format of the registry is confusing (at least for me), I would prefer to see it organized by usage location, not by parameter name and then this wouldn't be an issue. But that's not up for discussion, right? Warren Parad Founder, CTO Secure your user data with IAM authorization as a service. Implement Authress <https://authress.io/>. On Mon, Nov 29, 2021 at 10:21 PM Francesca Palombini via Datatracker < noreply@ietf.org> wrote: > Francesca Palombini has entered the following ballot position for > draft-ietf-oauth-iss-auth-resp-03: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-oauth-iss-auth-resp/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Thank you for the work on this document. > > Many thanks to Julian Reschke for the ART ART review: > https://mailarchive.ietf.org/arch/msg/art/XfLbtK1eLb7s0Z6e_AqGgkoWny0/. > > I have one DISCUSS point that has to do with IANA considerations, and is > hopefully easy to resolve. > > Francesca > > 1. ----- > > FP: I am sure the Designated Expert will bring this up, but "iss" is > already > defined as a OAuth Parameter, for authorization requests. I don't think > it's a > good idea to use the same parameter name, although in a different message > of > the exchange, for something different, as the registration defined in > Section > 5.2 seems to imply. I strongly recommend to change the name in this > document. > Or, if we can agree that the meaning is similar enough to the original > "iss", > merge the two IANA registrations (this would not be my preferred choice). > > > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
- [OAUTH-WG] Francesca Palombini's Discuss on draft… Francesca Palombini via Datatracker
- Re: [OAUTH-WG] Francesca Palombini's Discuss on d… Warren Parad
- Re: [OAUTH-WG] Francesca Palombini's Discuss on d… Brian Campbell
- Re: [OAUTH-WG] Francesca Palombini's Discuss on d… Francesca Palombini
- Re: [OAUTH-WG] Francesca Palombini's Discuss on d… Daniel Fett