[OAUTH-WG] OAuth Authorization Server Metadata spec addressing IESG feedback

Mike Jones <Michael.Jones@microsoft.com> Wed, 28 February 2018 00:33 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC6F812D954 for <oauth@ietfa.amsl.com>; Tue, 27 Feb 2018 16:33:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.019
X-Spam-Level:
X-Spam-Status: No, score=-2.019 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w9nhOeWLlKxS for <oauth@ietfa.amsl.com>; Tue, 27 Feb 2018 16:33:01 -0800 (PST)
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0116.outbound.protection.outlook.com [104.47.34.116]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3C0712EAC9 for <oauth@ietf.org>; Tue, 27 Feb 2018 16:33:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=DMYQq9Bx179lJycKNiShtaAiIufk7uchT+/wFmy0OeI=; b=I3fj0A1JAXkCyAbYhqEmaEnBfRZKvDHZQ7AxlbxgUXzhtlklD5+kyhWBJMOYhpu5ct4JQFDPDL7efJDt7EyhsFpG8r6IOu+Tp+6OZl0wYGOxqnK0UKg/gureXKxy+MmQEC4IPfJgbb2YclANQcpXJ/EBAOLmU89W3MG27Uf0o9c=
Received: from SN6PR2101MB0943.namprd21.prod.outlook.com (52.132.114.20) by SN6PR2101MB1006.namprd21.prod.outlook.com (52.132.117.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.567.3; Wed, 28 Feb 2018 00:33:00 +0000
Received: from SN6PR2101MB0943.namprd21.prod.outlook.com ([fe80::9866:f6b5:e2d6:50]) by SN6PR2101MB0943.namprd21.prod.outlook.com ([fe80::9866:f6b5:e2d6:50%2]) with mapi id 15.20.0567.002; Wed, 28 Feb 2018 00:33:00 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
CC: Adam Roach <adam@nostrum.com>, Alexey Melnikov <aamelnikov@fastmail.fm>, Ben Campbell <ben@nostrum.com>, Eric Rescorla <ekr@rtfm.com>
Thread-Topic: OAuth Authorization Server Metadata spec addressing IESG feedback
Thread-Index: AdOwKaRvD0zuzLUkRJmerF1eR4/E3A==
Date: Wed, 28 Feb 2018 00:32:59 +0000
Message-ID: <SN6PR2101MB094307C28BD4B31C1CABCBFFF5C70@SN6PR2101MB0943.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=mbj@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-02-28T00:32:58.5709178Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
x-originating-ip: [2001:4898:80e8:b::36]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; SN6PR2101MB1006; 7:KkDxfrzJ7mS8zjO7VvcGLBTZ8hchl/A7ABdZ8V2xme2S8CLqYatJzTZVAFEUESVE69nIPF5s/75A1u7G5gwxcZpyIOfsGV0clDmO1Et/BMgdSd1V9byQZRlaRG0z0LomfQ6s/OVANhmRKA4XhcBWE+JMureLHq8bNbgoO/Ls/c3yMFRS/qoB1ETIjXI79wm62Q697vwXZX2LKltNtYhgsqKxcgHmhIUV/FkFS7l+J1RfLnHsIJ6TRYyKn1M1M3Ur
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 75e0ff51-486f-4907-8429-08d57e42d21a
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(3008032)(2017052603307)(7193020); SRVR:SN6PR2101MB1006;
x-ms-traffictypediagnostic: SN6PR2101MB1006:
x-microsoft-antispam-prvs: <SN6PR2101MB10068EFF09B64F128655C401F5C70@SN6PR2101MB1006.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(31418570063057)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(61425038)(6040501)(2401047)(5005006)(8121501046)(3231220)(944501209)(3002001)(93006095)(93001095)(10201501046)(6055026)(61426038)(61427038)(6041288)(20161123560045)(20161123562045)(20161123558120)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:SN6PR2101MB1006; BCL:0; PCL:0; RULEID:; SRVR:SN6PR2101MB1006;
x-forefront-prvs: 0597911EE1
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(376002)(39380400002)(396003)(346002)(366004)(209900001)(199004)(189003)(6916009)(9686003)(54896002)(22452003)(81156014)(55016002)(8936002)(6506007)(102836004)(6306002)(3280700002)(8666007)(966005)(6346003)(1730700003)(59450400001)(5630700001)(236005)(316002)(86612001)(81166006)(105586002)(8676002)(54906003)(5250100002)(68736007)(2501003)(86362001)(99286004)(7696005)(97736004)(2906002)(6436002)(14454004)(2351001)(5640700003)(33656002)(3660700001)(53936002)(106356001)(10090500001)(478600001)(2900100001)(8990500004)(7736002)(74316002)(186003)(790700001)(10290500003)(6116002)(4326008)(53376002)(72206003)(606006)(25786009)(5660300001)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR2101MB1006; H:SN6PR2101MB0943.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-microsoft-antispam-message-info: bh6GuerpginOiuZmE14uxZgIq8CftOu66pVs1DMpKQUnkYJUwLxBGp/sncoG1MUT2je8NYHzVF4Qq6L1ReUig2QQB5/8OBBTY537abKwSjM38l5EX4fL3TsXINP6rq+qVjWOTCeKzTOsdXFcxEtj5BGMPTfDZeWM1HJFvyThcvQ=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_SN6PR2101MB094307C28BD4B31C1CABCBFFF5C70SN6PR2101MB0943_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 75e0ff51-486f-4907-8429-08d57e42d21a
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Feb 2018 00:32:59.8895 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR2101MB1006
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/e4HAvjbibxghWe35Jjt_lW0d4IY>
Subject: [OAUTH-WG] OAuth Authorization Server Metadata spec addressing IESG feedback
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Feb 2018 00:33:04 -0000

The OAuth Authorization Server Metadata specification has been updated to address feedback received from IESG members.  Changes were:

  *   Revised the transformation between the issuer identifier and the authorization server metadata location to conform to BCP 190, as suggested by Adam Roach.
  *   Defined the characters allowed in registered metadata names and values, as suggested by Alexey Melnikov.
  *   Changed to using the RFC 8174 boilerplate instead of the RFC 2119 boilerplate, as suggested by Ben Campbell.
  *   Acknowledged additional reviewers.

The specification is available at:

  *   https://tools.ietf.org/html/draft-ietf-oauth-discovery-09

An HTML-formatted version is also available at:

  *   http://self-issued.info/docs/draft-ietf-oauth-discovery-09.html

                                                                -- Mike

P.S.  This notice was also posted at http://self-issued.info/?p=1779 and as @selfissued<https://twitter.com/selfissued>.