Re: [OAUTH-WG] Adam Roach's No Objection on draft-ietf-oauth-resource-indicators-05: (with COMMENT)

Brian Campbell <bcampbell@pingidentity.com> Thu, 05 September 2019 19:01 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A856120B6D for <oauth@ietfa.amsl.com>; Thu, 5 Sep 2019 12:01:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jur7fi5tSMbF for <oauth@ietfa.amsl.com>; Thu, 5 Sep 2019 12:01:27 -0700 (PDT)
Received: from mail-io1-xd33.google.com (mail-io1-xd33.google.com [IPv6:2607:f8b0:4864:20::d33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A05B120B75 for <oauth@ietf.org>; Thu, 5 Sep 2019 12:01:27 -0700 (PDT)
Received: by mail-io1-xd33.google.com with SMTP id n197so7166050iod.9 for <oauth@ietf.org>; Thu, 05 Sep 2019 12:01:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HJ0GZ9Dgt31UKGS67CXE9kUbN/fJx/pclMfTW1ieTt8=; b=XuFj3DnzQdwbkHiMtJyO2Oymcpj0AU2AXXcICRqJVWspJH932DRP/+a8JmAQsekXkw rWctWwGQFukKWO92KUkNsjE6611jbRLNF3yk3W62kzdPltBb4hQb7s0j0UhPTdeo0Kn9 rDWXqm5XtADOdbUJS/9EzwGOdKWveYsuC/sZ8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HJ0GZ9Dgt31UKGS67CXE9kUbN/fJx/pclMfTW1ieTt8=; b=Ef50h4B6hqgG9JNQ3FOSiaPkeBG/8M5DlMnatg2wGJUWhd+TtHga7EOhugwIWCjlz8 22J2pGGONw4joIxpZpY+WoCndutrSijJuddIBj/4NAcVv3NzFXKEXpV8uPDQf2hMfNok CmBsI2vGJuw8GvjRg7gUIlLb70BDmW1z9Nofb1jYgbKXvdKi8qbJhxfBO595XXgKSaSG hWP6XO7LWHN5OnuO/hmGbJPyQ/hE+IsRb0mVQ9++wSRayw/UfV8GccfiZqAMMXPBTVnt 0FknW2mGq5a40serhluauSxImvurzx7BOVwdudz4WTDz6I+VAMNpU9kzTKrNF2Av2HID BFzg==
X-Gm-Message-State: APjAAAU5t0FvH0t4HYCvDne/dHX7zo5DIquqwEzCloy4P+xP7DFSpKLW wyQ9B1URZ9QoVjr3citsmLDJjAeI53werlzOFfPebJVyd9bNavCMO/xBtGq3whwEfEW5Vdrvtew v1GnJKT0EQ0Rizg==
X-Google-Smtp-Source: APXvYqzD3BmIM9kYRevVA4urQYslx+kTJIVB797UznnfIoutyYBm9Z6BX+ybik86i8pAGqynSp9OjA3T3jqUacVe/lY=
X-Received: by 2002:a02:3902:: with SMTP id l2mr5578906jaa.45.1567710086646; Thu, 05 Sep 2019 12:01:26 -0700 (PDT)
MIME-Version: 1.0
References: <156757720342.20663.3055037033818226992.idtracker@ietfa.amsl.com> <CA+k3eCSH5pkMkqBUmcENSdc3kDB0z3kpZoVGrPdB2hbsXvV8Bg@mail.gmail.com> <CALaySJJKt7UM7Xq-azgh1eF8hoBwvf+xatdC-PTeSOYvFBsieA@mail.gmail.com> <CA+k3eCQzTDChVPVZiDPykV7GqU_ibpG9g8Av4Rr+uqd1gtBUsg@mail.gmail.com>
In-Reply-To: <CA+k3eCQzTDChVPVZiDPykV7GqU_ibpG9g8Av4Rr+uqd1gtBUsg@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 05 Sep 2019 13:01:00 -0600
Message-ID: <CA+k3eCS-pmo5Htq5=8zxbdV0AZtzb=RuE2PfhjPbBttZe+Tywg@mail.gmail.com>
To: Barry Leiba <barryleiba@computer.org>
Cc: Adam Roach <adam@nostrum.com>, draft-ietf-oauth-resource-indicators@ietf.org, oauth-chairs@ietf.org, The IESG <iesg@ietf.org>, oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d374460591d2f22c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/hBSilmy6hyRr0sJWkCRUH2_2Xng>
Subject: Re: [OAUTH-WG] Adam Roach's No Objection on draft-ietf-oauth-resource-indicators-05: (with COMMENT)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Sep 2019 19:01:38 -0000

I went ahead with this in -07.

On Wed, Sep 4, 2019 at 3:07 PM Brian Campbell <bcampbell@pingidentity.com>
wrote:

> Thanks Barry, I kinda like it. Although I'm a bit hesitant to make a
> change like that at this stage. I guess I'd be looking for a little more
> buy-in from folks first. Though it's not actually a functional breaking
> change. So maybe okay to just go with.
>
> On Wed, Sep 4, 2019 at 2:54 PM Barry Leiba <barryleiba@computer.org>
> wrote:
>
>> > Yeah, with query parameters lacking the hierarchical semantics that the
>> path component has, it is much less clear. In fact, an earlier revision of
>> the draft forbid the query part as I was trying to avoid the ambiguity that
>> it brings. But there were enough folks with some use case for it that it
>> made its way back in. While I am sympathetic to the point you're making
>> here, I'd prefer to not codify the practice any further by way of example
>> in the document.
>>
>> Is it perhaps reasonable to discourage the use of a query component
>> while still allowing it?  Maybe a "SHOULD NOT", such as this?:
>>
>> OLD
>>       Its value MUST be an absolute URI, as specified by
>>       Section 4.3 of [RFC3986], which MAY include a query component but
>>       MUST NOT include a fragment component.
>> NEW
>>       Its value MUST be an absolute URI, as specified by
>>       Section 4.3 of [RFC3986].  The URI MUST NOT include
>>       a fragment component.  It SHOULD NOT include a query
>>       component, but it is recognized that there are cases that
>>       make a query component useful.
>> END
>>
>> What do you think?
>>
>> Barry
>>
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._