[OAUTH-WG] Robert Wilton's Discuss on draft-ietf-oauth-jwt-introspection-response-10: (with DISCUSS)

Robert Wilton via Datatracker <noreply@ietf.org> Thu, 04 February 2021 11:19 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: oauth@ietf.org
Delivered-To: oauth@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C9933A1290; Thu, 4 Feb 2021 03:19:53 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Robert Wilton via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-oauth-jwt-introspection-response@ietf.org, oauth-chairs@ietf.org, oauth@ietf.org, Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>, rifaat.s.ietf@gmail.com
X-Test-IDTracker: no
X-IETF-IDTracker: 7.25.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Robert Wilton <rwilton@cisco.com>
Message-ID: <161243759330.21901.3347578006693687311@ietfa.amsl.com>
Date: Thu, 04 Feb 2021 03:19:53 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/fYHENklVtU1-EbTbXxM11UiHjP4>
Subject: [OAUTH-WG] Robert Wilton's Discuss on draft-ietf-oauth-jwt-introspection-response-10: (with DISCUSS)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2021 11:19:53 -0000

Robert Wilton has entered the following ballot position for
draft-ietf-oauth-jwt-introspection-response-10: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-introspection-response/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Hi,

Thank you for this document.

I have a  couple of process related questions regarding the legal aspects
considered in chapter 9 on privacy that I would like to discuss with the other
ADs on the telechat (hence raising it as a Discuss).

My two questions are:

(1) Is it appropriate for an RFC to specifying requirements relating to legal
issues and laws?  Note, I think that the guidance that is provides is really
helpful and should be included in the document, but I'm a bit concerned as to
whether a standards track RFC should be stating formal requirements/constraints
related to enforcing legal requirements rather that providing non-normative
guidance.

(2) Related to the first question, if the IESG believes believes that providing
such requirements is okay, a further question is whether using RFC 2119
language is appropriate, or whether this should use regular English?

An example from section 9:

   The AS MUST ensure a
   legal basis exists for the data transfer before any data is released
   to a particular RS.  The way the legal basis is established might
   vary among jurisdictions and MUST consider the legal entities
   involved.

Regards,
Rob