Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9325212D95A; Tue, 27 Feb 2018 19:04:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id paUllXHTQxNJ; Tue, 27 Feb 2018 19:04:33 -0800 (PST) Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0117.outbound.protection.outlook.com [104.47.41.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51E3E127775; Tue, 27 Feb 2018 19:04:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=SHU02qfG8gMm+76b+u7HxvfvTPGw2XF8yZ9ZyOFZ6aM=; b=Vv/AkZAN3rFopkynA4S/6brw2pLpTbcDbqoTTqmFd1fAEZWhaIO2AA0yFrG6sWiyc7JggcvYF+k45R2kImSJydCAlPXL6tdn4IOeI/Rw8pLTckces3rPVJ6A/DnrTeXZAWSOw34XIwcCaPuef9v8YlJKlFoI7S9m5nd1yzG/U/k= Received: from SN6PR2101MB0943.namprd21.prod.outlook.com (52.132.114.20) by SN6PR2101MB0992.namprd21.prod.outlook.com (52.132.114.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.567.2; Wed, 28 Feb 2018 03:04:31 +0000 Received: from SN6PR2101MB0943.namprd21.prod.outlook.com ([fe80::9866:f6b5:e2d6:50]) by SN6PR2101MB0943.namprd21.prod.outlook.com ([fe80::9866:f6b5:e2d6:50%2]) with mapi id 15.20.0567.002; Wed, 28 Feb 2018 03:04:31 +0000 From: Mike Jones To: Alexey Melnikov , The IESG CC: "draft-ietf-oauth-discovery@ietf.org" , "oauth-chairs@ietf.org" , "oauth@ietf.org" Thread-Topic: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT) Thread-Index: AQHTlOop6dUBqhyeJUqE43siwWseqKODkaAQgAXXNACAAAUYYIAumhgwgAFPxVA= Date: Wed, 28 Feb 2018 03:04:31 +0000 Message-ID: References: <151678115299.24088.6785024209658543295.idtracker@ietfa.amsl.com> , <1517151884.2936052.1250819288.30846638@webmail.messagingengine.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [50.47.88.236] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; SN6PR2101MB0992; 7:b2LoB+PAiHOzodcCx5XX9qmYIkEGnLVdizDX/2oHDx5b7mhOGYIDJ3zczvupEYtHgJOk+c1euKWiejs5KaaKfqvd/qa5AnskdzAO2o+Z53ptcb/UFwbCsHMnjZj5TfHV/7Vx94gLOntGpBpEQzA7k3M7iTUdp9lTENgYWKGmW12x4Rzyrf4x/J9PXpl/iGcPisgBuVYil9db2bL7NVRjLr5nTpzHlcQapke9Hbu/DErbaDKUhyCpzUd4VTOXO+N7 x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 44e68ae7-8987-4803-6518-08d57e57fcee x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603307)(7193020); SRVR:SN6PR2101MB0992; x-ms-traffictypediagnostic: SN6PR2101MB0992: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(120809045254105)(248736688235697)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(61425038)(6040501)(2401047)(5005006)(8121501046)(3231220)(944501211)(52105095)(10201501046)(3002001)(93006095)(93001095)(6055026)(61426038)(61427038)(6041288)(20161123560045)(20161123564045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(6072148)(201708071742011); SRVR:SN6PR2101MB0992; BCL:0; PCL:0; RULEID:; SRVR:SN6PR2101MB0992; x-forefront-prvs: 0597911EE1 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(979002)(39860400002)(346002)(396003)(376002)(39380400002)(366004)(199004)(189003)(13464003)(51914003)(606006)(186003)(97736004)(93886005)(8676002)(8666007)(86612001)(316002)(8990500004)(53936002)(10090500001)(68736007)(106356001)(9686003)(6306002)(8936002)(54896002)(236005)(66066001)(55016002)(81166006)(2950100002)(81156014)(105586002)(5660300001)(6436002)(102836004)(22452003)(6246003)(6116002)(790700001)(110136005)(3660700001)(7736002)(6506007)(3846002)(25786009)(345774005)(26005)(10290500003)(2900100001)(5250100002)(5890100001)(7696005)(74316002)(86362001)(229853002)(72206003)(4326008)(76176011)(99286004)(6346003)(33656002)(2906002)(3280700002)(54906003)(14454004)(966005)(53546011)(478600001)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR2101MB0992; H:SN6PR2101MB0943.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com; x-microsoft-antispam-message-info: MnE8/vanIMXTWvIgwA38V76empDdHQUXzw7WwTJf7dPvTq0lFFDvjwZ8KQv25Sq05IVj2PWSxCSUcqT+Qp3SB1EEWyGgMuG2y/fKCwXv8iVnaOhE+6oqvcR4ZqsebEkpTe/Wdr5drexgpTGppP+VicU1iZU0lJ/+eEXTwVzMzKM= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_SN6PR2101MB0943D355855056120469FC27F5C70SN6PR2101MB0943_" MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-Network-Message-Id: 44e68ae7-8987-4803-6518-08d57e57fcee X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Feb 2018 03:04:31.1658 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR2101MB0992 Archived-At: Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT) X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 03:04:43 -0000 --_000_SN6PR2101MB0943D355855056120469FC27F5C70SN6PR2101MB0943_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I believe that the changes in https://tools.ietf.org/html/draft-ietf-oauth-= discovery-09 address the DISCUSS and comments. Please review - ideally bef= ore the upcoming telechat. Thanks again, -- Mike From: Mike Jones Sent: Monday, February 26, 2018 11:03 PM To: The IESG ; Alexey Melnikov Cc: draft-ietf-oauth-discovery@ietf.org; oauth-chairs@ietf.org; oauth@ietf.= org Subject: RE: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-disco= very-08: (with DISCUSS and COMMENT) The attached drafts address the DISCUSSes from Adam and Alexey in the ways = proposed. A summary of the changes from -08 is: * Revised the transformation between the issuer identifier and the a= uthorization server metadata location to conform to BCP 190, as suggested b= y Adam Roach. * Defined the characters allowed in registered metadata names and va= lues, as suggested by Alexey Melnikov. * Changed to using the RFC 8174 boilerplate instead of the RFC 2119 = boilerplate, as suggested by Ben Campbell. * Acknowledged additional reviewers. I've attached both source and .txt versions to facilitate comparison to -08= . Unless I hear additional suggestions for improvements by my end of busin= ess Tuesday, I'll plan to publish this as -09. Thanks all, -- Mike From: Mike Jones Sent: Sunday, January 28, 2018 7:23 AM To: The IESG >; Alexey Melnikov > Cc: draft-ietf-oauth-discovery@ietf.org; oauth-chairs@ietf.org; oauth@ietf.o= rg Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-disco= very-08: (with DISCUSS and COMMENT) Your understanding matches with the intent of the language from RFC 7638. I= 'll plan to proceed on that basis then. Thanks again, -- Mike From: Alexey Melnikov Sent: Sunday, January 28, 7:04 AM Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-disco= very-08: (with DISCUSS and COMMENT) To: Mike Jones, The IESG Cc: draft-ietf-oauth-discovery@ietf.org, oauth-chairs@ietf.org, oauth@ietf.o= rg Hi Mike, On Wed, Jan 24, 2018, at 10:11 PM, Mike Jones wrote: > Thanks for = the useful review, Alexey. I propose that we use the same > character restr= ictions that are described in > https://tools.ietf.org/html/rfc7638#section= -6, which are: > > (a) require that member names being registered use > onl= y printable ASCII characters excluding double quote ('"') and > backslash (= '\') (the Unicode characters with code points U+0021, > U+0023 through U+00= 5B, and U+005D through U+007E), This looks reasonable. > or > > (b) if new = members are defined that use other code > points, require that their defini= tions specify the exact Unicode code > point sequences used to represent th= em. Furthermore, proposed > registrations that use Unicode code points that= can only be > represented in JSON strings as escaped characters must not b= e > accepted. So just to double check: it is Ok to register names in Greek = or Cyrillic (for example) and they will be compared in a case sensitive man= ner? > I also propose that we say that member name comparison occurs in the= > manner described in https://tools.ietf.org/html/rfc7159#section-8.3. My = understanding is that RFC 7159 recommends case-sensitive comparison and tha= t is fine with me. > Will that work for you, Alexey? Best Regards, Alexey >= > Thanks, > -- Mike > > -----Original Message----- > From: Alexey Melnikov= [mailto:aamelnikov@fastmail.fm] > Sent: Wednesday, January 24, 2018 12:06 = AM > To: The IESG > Cc: draft-ietf-oauth-discovery@ietf.org; Hannes Tschofenig > ; oauth-chairs@ietf.org; > Hannes.Tschofenig@gmx.net; oauth@ietf.org > Subject: Alexey M= elnikov's Discuss on draft-ietf-oauth-discovery-08: > (with DISCUSS and COM= MENT) > > Alexey Melnikov has entered the following ballot position for > d= raft-ietf-oauth-discovery-08: Discuss > > When responding, please keep the = subject line intact and reply to all > email addresses included in the To a= nd CC lines. (Feel free to cut this > introductory paragraph, however.) > >= > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.htm= l > for more information about IESG DISCUSS and COMMENT positions. > > > Th= e document, along with other ballot positions, can be found here: > https:/= /datatracker.ietf.org/doc/draft-ietf-oauth-discovery/ > > > > -------------= --------------------------------------------------------- > DISCUSS: > ----= ------------------------------------------------------------------ > > Than= k you for the well written IANA Considerations section. I have one > commen= t on it which should be easy to resolve: > > The document doesn't seem to s= ay anything about allowed characters in > Metadata names. When the document= talks about "case-insensitive > matching", it is not clear how to implemen= t the matching, because it is > not clear whether or not Metadata names are= ASCII only. If they are not, > then you need to better define what "case i= nsensitive" means. > > > --------------------------------------------------= -------------------- > COMMENT: > -----------------------------------------= ----------------------------- > > I am agreeing with Adam's DISCUSS. > > > = _______________________________________________ > OAuth mailing list > OAut= h@ietf.org > https://www.ietf.org/mailman/listinfo/o= auth --_000_SN6PR2101MB0943D355855056120469FC27F5C70SN6PR2101MB0943_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

I believe that the cha= nges in https= ://tools.ietf.org/html/draft-ietf-oauth-discovery-09 address the DISCUS= S and comments.  Please review – ideally before the upcoming tel= echat.

 

   &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; Thanks again,

   &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; -- Mike

 

From: Mike Jones
Sent: Monday, February 26, 2018 11:03 PM
To: The IESG <iesg@ietf.org>; Alexey Melnikov <aamelnikov@f= astmail.fm>
Cc: draft-ietf-oauth-discovery@ietf.org; oauth-chairs@ietf.org; oaut= h@ietf.org
Subject: RE: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oaut= h-discovery-08: (with DISCUSS and COMMENT)

 

The attached drafts ad= dress the DISCUSSes from Adam and Alexey in the ways proposed.  A summ= ary of the changes from -08 is:

·        Revised the transformation betw= een the issuer identifier and the authorization server metadata location to= conform to BCP 190, as suggested by Adam Roach.

·        Defined the characters allowed = in registered metadata names and values, as suggested by Alexey Melnikov.

·        Changed to using the RFC 8174 b= oilerplate instead of the RFC 2119 boilerplate, as suggested by Ben Campbel= l.

·        Acknowledged additional reviewe= rs.

I’ve attached bo= th source and .txt versions to facilitate comparison to -08.  Unless I= hear additional suggestions for improvements by my end of business Tuesday= , I’ll plan to publish this as -09.

 

   &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; Thanks all,

   &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; -- Mike

 

From: Mike Jones
Sent: Sunday, January 28, 2018 7:23 AM
To: The IESG <iesg@ietf.org&= gt;; Alexey Melnikov <aamelnik= ov@fastmail.fm>
Cc: draft-iet= f-oauth-discovery@ietf.org; oauth-chairs@ietf.org; oauth@ietf.org
Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oaut= h-discovery-08: (with DISCUSS and COMMENT)

 

Your understanding matches = with the intent of the language from RFC 7638. I'll plan to proceed on that= basis then.

Thanks again,

-- Mike

From: Alexey Melnikov

Sent: Sunday, January 28, 7:04 AM

Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft= -ietf-oauth-discovery-08: (with DISCUSS and COMMENT)

To: Mike Jones, The IESG

Hi Mike, On Wed, Jan 24, 20= 18, at 10:11 PM, Mike Jones wrote: > Thanks for the useful review, Alexe= y. I propose that we use the same > character restrictions that are described in > https://tools.ietf.org/html/rfc7638#section-6, which are: > > (a)= require that member names being registered use > only printable ASCII c= haracters excluding double quote ('"') and > backslash ('\') (the U= nicode characters with code points U+0021, > U+0023 through U+005B, and U+005D through U+007E), This looks reasona= ble. > or > > (b) if new members are defined that use other code &= gt; points, require that their definitions specify the exact Unicode code &= gt; point sequences used to represent them. Furthermore, proposed > registrations that use Unicode code points that can only be > repr= esented in JSON strings as escaped characters must not be > accepted. So= just to double check: it is Ok to register names in Greek or Cyrillic (for= example) and they will be compared in a case sensitive manner? > I also propose that we say that member name co= mparison occurs in the > manner described in https://tools.i= etf.org/html/rfc7159#section-8.3. My understanding is that RFC 7159 rec= ommends case-sensitive comparison and that is fine with me. > Will that = work for you, Alexey? Best Regards, Alexey > > Thanks, > -- Mike > > -----Original Message----- > F= rom: Alexey Melnikov [mailto:aame= lnikov@fastmail.fm] > Sent: Wednesday, January 24, 2018 12:06 AM >= ; To: The IESG > Cc: draft-ietf-oauth-dis= covery@ietf.org; Hannes Tschofenig > ; oauth-chairs@ietf.org; > Hannes.Tschofenig@gmx.net; oauth@ietf= .org > Subject: Alexey Melnikov's Discuss on draft-ietf-oauth-discov= ery-08: > (with DISCUSS and COMMENT) > > Alexey Melnikov has enter= ed the following ballot position for > draft-ietf-oauth-discovery-08: Discuss > > When responding, please keep the subject line intact and= reply to all > email addresses included in the To and CC lines. (Feel f= ree to cut this > introductory paragraph, however.) > > > Pleas= e refer to https= ://www.ietf.org/iesg/statement/discuss-criteria.html > for more info= rmation about IESG DISCUSS and COMMENT positions. > > > The docume= nt, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/ > > = > > -----------------------------------------------------------------= ----- > DISCUSS: > --------------------------------------------------= -------------------- > > Thank you for the well written IANA Considerations section. I have one > comment on it which should be= easy to resolve: > > The document doesn't seem to say anything about= allowed characters in > Metadata names. When the document talks about &= quot;case-insensitive > matching", it is not clear how to implement the matching, because it is > not clear whether or not= Metadata names are ASCII only. If they are not, > then you need to bett= er define what "case insensitive" means. > > > ---------= ------------------------------------------------------------- > COMMENT: > -------------------------------------------------------= --------------- > > I am agreeing with Adam's DISCUSS. > > >= _______________________________________________ > OAuth mailing list &g= t; OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth

--_000_SN6PR2101MB0943D355855056120469FC27F5C70SN6PR2101MB0943_--