[OAUTH-WG] REVISED Last Call: <draft-ietf-oauth-v2-23.txt> (The OAuth 2.0 Authorization Protocol) to Proposed Standard

The IESG <iesg-secretary@ietf.org> Tue, 24 January 2012 14:59 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A1B421F85B6; Tue, 24 Jan 2012 06:59:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gur1XRT6h3lM; Tue, 24 Jan 2012 06:59:08 -0800 (PST)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A325521F84F7; Tue, 24 Jan 2012 06:59:08 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 3.64p1
Message-ID: <20120124145908.1516.77776.idtracker@ietfa.amsl.com>
Date: Tue, 24 Jan 2012 06:59:08 -0800
Cc: oauth@ietf.org
Subject: [OAUTH-WG] REVISED Last Call: <draft-ietf-oauth-v2-23.txt> (The OAuth 2.0 Authorization Protocol) to Proposed Standard
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ietf@ietf.org
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jan 2012 14:59:09 -0000

The IESG has received a request from the Web Authorization Protocol WG
(oauth) to consider the following document:
- 'The OAuth 2.0 Authorization Protocol'
  <draft-ietf-oauth-v2-23.txt> as a Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2012-02-07. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


   The OAuth 2.0 authorization protocol enables a third-party
   application to obtain limited access to an HTTP service, either on
   behalf of a resource owner by orchestrating an approval interaction
   between the resource owner and the HTTP service, or by allowing the
   third-party application to obtain access on its own behalf.  This
   specification replaces and obsoletes the OAuth 1.0 protocol described
   in RFC 5849.

There are a few downrefs to note:

* There is a normative reference to RFC 1750, which will be updated to
point to RFC 4086 before publication.

* There is a normative reference to RFC 2246 (TLS 1.0), which has been
obsoleted by RFC 5246 (TLS 1.2).  The document uses this reference to
note that TLS 1.0 is, at this writing, the most widely deployed
version.  The working group believes it is necessary to note that, and
that the reference be normative.

* There is a normative reference to Informational RFC 2818 (HTTP over 
TLS). This is an allowed downref.

* There is a normative reference to Informational RFC 4627
(application/json Media Type). This is an allowed downref.


* There is a normative reference to Informational RFC 4949 (Internet
Security Glossary).  This is an allowed downref.

The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-oauth-v2/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-oauth-v2/


No IPR declarations have been submitted directly on this I-D.