Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-introspection-04.txt

"Richer, Justin P." <jricher@mitre.org> Tue, 23 December 2014 18:02 UTC

Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8710D1A1ABE for <oauth@ietfa.amsl.com>; Tue, 23 Dec 2014 10:02:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nackIUNVtsCR for <oauth@ietfa.amsl.com>; Tue, 23 Dec 2014 10:02:33 -0800 (PST)
Received: from smtpvbsrv1.mitre.org (smtpvbsrv1.mitre.org [198.49.146.234]) by ietfa.amsl.com (Postfix) with ESMTP id 81F241A1AB3 for <oauth@ietf.org>; Tue, 23 Dec 2014 10:02:33 -0800 (PST)
Received: from smtpvbsrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 1996F52E056 for <oauth@ietf.org>; Tue, 23 Dec 2014 13:02:33 -0500 (EST)
Received: from IMCCAS03.MITRE.ORG (imccas03.mitre.org [129.83.29.80]) by smtpvbsrv1.mitre.org (Postfix) with ESMTP id F3D3B52E1B9 for <oauth@ietf.org>; Tue, 23 Dec 2014 13:02:32 -0500 (EST)
Received: from IMCMBX01.MITRE.ORG ([169.254.1.143]) by IMCCAS03.MITRE.ORG ([129.83.29.80]) with mapi id 14.03.0174.001; Tue, 23 Dec 2014 13:02:32 -0500
From: "Richer, Justin P." <jricher@mitre.org>
To: "<oauth@ietf.org>" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] I-D Action: draft-ietf-oauth-introspection-04.txt
Thread-Index: AQHQHto2m+EA/K/3q0afSMLS15gPipydy1qA
Date: Tue, 23 Dec 2014 18:02:31 +0000
Message-ID: <DCE1C662-E785-4068-8547-D6D47BAB7F6A@mitre.org>
References: <20141223175920.640.76803.idtracker@ietfa.amsl.com>
In-Reply-To: <20141223175920.640.76803.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.146.15.76]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <FFE64700CD3D104ABAE9A0DEECD46197@imc.mitre.org>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/i7zwtNa_fRWkBOzNFJXuCoFtgEQ
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-introspection-04.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Dec 2014 18:02:36 -0000

This draft makes two changes:

 - Removal of the "resource_id" input parameter, whose purpose has been largely supplanted by requiring authorization to call the introspection endpoint. I also don't know of any implementations that make use of this parameter. If there's later consensus on defining more context on the way in, we can easily have an extension for that.

 - Re-shuffling of the examples out of an appendix and into the sections that they represent; it reads better this way.

 -- Justin

On Dec 23, 2014, at 12:59 PM, <internet-drafts@ietf.org> <internet-drafts@ietf.org> wrote:

> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Web Authorization Protocol Working Group of the IETF.
> 
>        Title           : OAuth 2.0 Token Introspection
>        Author          : Justin Richer
> 	Filename        : draft-ietf-oauth-introspection-04.txt
> 	Pages           : 13
> 	Date            : 2014-12-23
> 
> Abstract:
>   This specification defines a method for a protected resource to query
>   an OAuth 2.0 authorization server to determine the active state of an
>   OAuth 2.0 token and to determine meta-information about this token.
>   OAuth 2.0 deployments can use this method to convey information about
>   the authorization context of the token from the authorization server
>   to the protected resource.
> 
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-introspection/
> 
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-oauth-introspection-04
> 
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-introspection-04
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth