Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-introspection-01.txt

Justin Richer <jricher@mit.edu> Mon, 01 December 2014 11:36 UTC

Date: Mon, 01 Dec 2014 06:36:01 -0500
From: Justin Richer <jricher@mit.edu>
To: Sergey Beryozkin <sberyozkin@gmail.com>, oauth@ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/hX5mEJWU1bF1DFZs-j2xuhcUu_I

Oh, thanks, that is supposed to be explicitly stated! Yes, it's form parameters. 


-- Justin

/ Sent from my phone /


-------- Original message --------
From: Sergey Beryozkin <sberyozkin@gmail.com> 
Date:12/01/2014  5:57 AM  (GMT-05:00) 
To: oauth@ietf.org 
Cc:  
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-introspection-01.txt 

On 01/12/14 10:56, Sergey Beryozkin wrote:
> Hi Justin
>
> Nicely written text, as usual.
> Few comments:
> - I haven't found a reference to a data format of POST requests.
> I'm presuming it is going to be a form payload (would mean the server
> code can write more or less the same code dealing with POST & GET
> queries) ?
Oops :-), sorry, did not scroll down to the example in the text

Thanks, Sergey
> - consider directly specifying an optional 'client_ip' property
> - consider adding an optional request_method (or request_verb) hint, a
> given scope can be restricted to say GET only, can be useful when a
> protected resource is written to support GET and POST over the same
> resource_id URI;
>
> The text that the endpoint may support other parameters (such as a client
> ip address) covers the last 2 parameters, but I guess it would be more
> inter-operable to 'promote' the parameters that may be of general use.
>
> Thanks, Sergey
>
>
>
>
> On 01/12/14 02:41, internet-drafts@ietf.org wrote:
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>>   This draft is a work item of the Web Authorization Protocol Working
>> Group of the IETF.
>>
>>          Title           : OAuth 2.0 Token Introspection
>>          Author          : Justin Richer
>>     Filename        : draft-ietf-oauth-introspection-01.txt
>>     Pages           : 10
>>     Date            : 2014-11-30
>>
>> Abstract:
>>     This specification defines a method for a protected resource to query
>>     an OAuth 2.0 authorization server to determine the active state of an
>>     OAuth 2.0 token and to determine meta-information about this token.
>>     OAuth 2.0 deployments can use this method to convey information about
>>     the authorization context of the token from the authorization server
>>     to the protected resource.
>>
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-oauth-introspection/
>>
>> There's also a htmlized version available at:
>> http://tools.ietf.org/html/draft-ietf-oauth-introspection-01
>>
>> A diff from the previous version is available at:
>> http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-introspection-01
>>
>>
>> Please note that it may take a couple of minutes from the time of
>> submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>
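
An added example, not part of the thread or of the draft: one way an introspection endpoint could read its parameters with the same code for GET queries and form-encoded POST bodies, as discussed above. The function name, the sample values and the reject-repeated-parameters policy are assumptions; `client_ip` and `request_method` are the hints proposed in this thread, not parameters the draft defines.

```python
from urllib.parse import parse_qs

FORM = "application/x-www-form-urlencoded"

# Constructed sample body. client_ip and request_method are the optional
# hints proposed in this thread, not parameters defined by the draft.
SAMPLE_BODY = (b"token=constructed-token-123"
               b"&resource_id=https%3A%2F%2Frs.example%2Fphotos"
               b"&client_ip=192.0.2.10&request_method=GET")

class BadRequest(ValueError):
    """The introspection request is not acceptable as sent."""

def parse_introspection_request(method, content_type=None, query="", body=b""):
    """Return the request parameters as a dict, whether they arrived in a
    GET query string or in a form-encoded POST body."""
    if method == "GET":
        raw = query
    elif method == "POST":
        # Ignore media type parameters such as "; charset=UTF-8".
        media_type = (content_type or "").split(";", 1)[0].strip().lower()
        if media_type != FORM:
            raise BadRequest("POST body must be " + FORM)
        try:
            raw = body.decode("utf-8")
        except UnicodeDecodeError:
            raise BadRequest("body is not valid UTF-8")
    else:
        raise BadRequest("unsupported method: " + method)
    try:
        fields = parse_qs(raw, keep_blank_values=True, strict_parsing=True)
    except ValueError:
        raise BadRequest("malformed form data")
    params = {}
    for name, values in fields.items():
        # Assumed policy: a repeated parameter is rejected rather than
        # resolved by picking the first or the last value.
        if len(values) != 1:
            raise BadRequest("repeated parameter: " + name)
        params[name] = values[0]
    if not params.get("token"):
        raise BadRequest("token is required")
    return params
```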
