IETF Logo Mail Archive

[OAUTH-WG] AD Review of http://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 15 July 2014 20:04 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4BCF1A0085 for <oauth@ietfa.amsl.com>; Tue, 15 Jul 2014 13:04:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VP-X-kdmqdEC for <oauth@ietfa.amsl.com>; Tue, 15 Jul 2014 13:04:10 -0700 (PDT)
Received: from mail-lb0-x235.google.com (mail-lb0-x235.google.com [IPv6:2a00:1450:4010:c04::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE4891A0061 for <oauth@ietf.org>; Tue, 15 Jul 2014 13:04:09 -0700 (PDT)
Received: by mail-lb0-f181.google.com with SMTP id p9so3871959lbv.26 for <oauth@ietf.org>; Tue, 15 Jul 2014 13:04:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=AYdEwTN6ZwfViFQ5OXC1O4xYU14ECkHbTlEKIHw3mRw=; b=e4kx9Ke8xe06XRQZhfhm+Oo/yOiOTXc6iLGLMVxlDEMF8LTicwbQFQx9vMlLMcuKvg bOTNPPDUUspaL5k8IgkcxtPSwSbEaacD4Pzzw7zeZLCs+RaPEejm+eSozkWQlQ6nVq5B 0Tqv4BKl3IcLybEkkAFOZoc5mmIsaHq1+o8Wp+UbHr+UXYF1v7MX7D1rf9hwwCH/XsFY lbKg5nBIdZYtZ1yoAFRmSexmEqbBf2JohVi8EkrUHBP/4fMROsFQxFbzjwdp3b5R9/O3 E+R/FIwvBgPiNvFwOU7/2WbBrIa4LQlYFivW0vVw7tlp/cx6yz8ZlbFbKtrbH5Ak0enD liJA==
MIME-Version: 1.0
X-Received: by 10.152.216.228 with SMTP id ot4mr21010990lac.40.1405454648087; Tue, 15 Jul 2014 13:04:08 -0700 (PDT)
Received: by 10.112.207.73 with HTTP; Tue, 15 Jul 2014 13:04:08 -0700 (PDT)
Date: Tue, 15 Jul 2014 16:04:08 -0400
Message-ID: <CAHbuEH6w9mfHLwN8WMJHHV5qZ8MzLJY6ky-Yp_xg39WfpGbC3g@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="001a11345ee40c186504fe40e90c"
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/fzqKOM6K4w1zI-_aFotABzCWbrc
Subject: [OAUTH-WG] AD Review of http://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jul 2014 20:04:12 -0000

Hello,

I just finished my review of
http://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer.  The draft
looks great, thank you for all of your efforts on it!

I did notice that there were no privacy considerations pointing back to
RFC6973, could that text be added?  The draft came after the Oauth
framework publication (refernced in the security considerations), so I am
guessing that is why this was missed as there are privacy considerations in
the oauth assertion draft (I competed that review as well and the draft
looked great.  I don't have any comments to add prior to progressing the
draft).

Thank you.

-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email