[OAUTH-WG] AD review of draft-ietf-oauth-urn-sub-ns-02

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 20 June 2012 12:26 UTC

Hi,

Many thanks for a nice short document!

I've a few questions though and suspect that a quick re-spin
might be needed, but let's see what the wg think about 'em
first.

(1) Why Informational? Everything else at that level seems to
be specified in a standards track or BCP level RFC, and IETF
Consensus is required. [1] I think you have to do this as
standards track. Did I miss something?

   [1] http://www.iana.org/assignments/params/params.xml

(2) Do you *really* want RFC or specification required for all
registrations?  I don't care, but there is a trend away from
that at the moment since it's been found to discourage
registrations in a lot of cases. Perhaps expert review would
be ok?  Not trying to push you one way or the other, I just
wanted to check.

(3) If answer to (2) is yes: Section 5.1 says "Specification
Required" but section 3 said "RFC Required" and those differ.
For example, an OASIS spec would not be ok if you say RFC
required. I don't know if you care, but you need to be
consistent. (Or else I've misread something;-)

(4) Isn't the template missing the reference to the RFC or
other specification that defines the URN?

(5) I don't get section 3, sorry;-) Can you give an example of
a class:id pair that'd be registered? Asking IANA to generate
the id part seems odd.

nits:

s3: s/generally referred/generally known/

s4: Might be worth pointing at the security considerations
section of draft-ietf-oauth-v2? I'd say that text would be
good to have read to know about the security considerations
for the use of these URNs, before you go making one up.

Cheers,
Stephen.