IETF Logo Mail Archive

Re: [OAUTH-WG] Adam Roach's No Objection on draft-ietf-oauth-resource-indicators-05: (with COMMENT)

Brian Campbell <bcampbell@pingidentity.com> Wed, 04 September 2019 21:08 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A62FD120147 for <oauth@ietfa.amsl.com>; Wed, 4 Sep 2019 14:08:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AG_hQn_rU53l for <oauth@ietfa.amsl.com>; Wed, 4 Sep 2019 14:07:59 -0700 (PDT)
Received: from mail-io1-xd2d.google.com (mail-io1-xd2d.google.com [IPv6:2607:f8b0:4864:20::d2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F2D51200A3 for <oauth@ietf.org>; Wed, 4 Sep 2019 14:07:59 -0700 (PDT)
Received: by mail-io1-xd2d.google.com with SMTP id b136so23472418iof.3 for <oauth@ietf.org>; Wed, 04 Sep 2019 14:07:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Vxf27wCwEpLSSCTlxhRuUuq+7KewHXD47Uq70JoLFJY=; b=NA9++FgvIZBDsVlEU7AelRIupY0IcVCAPW6gWNMP/RBE3UlAwHhov37FUYzsODE5Y1 GbLKAQj70k3a1HkL6p4xSWU5dGAh7J1ItZq7Oymfql5DrXEIcn0okFin2HA+V3BfaNj3 tZITNNDCr6VmLQpGGbxgXfFQCXNAXky7kmQi8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Vxf27wCwEpLSSCTlxhRuUuq+7KewHXD47Uq70JoLFJY=; b=FnnCEprhUe6YY0EY1yirMQOMolyUWXKoBWtrmrBqkWAszMDnuOI9A8EmO7TG3FAkHR jnFVdEVglChoxQf7HmimpPH5ahwF5fI5Z+DCeNmOmY7Wg3RbX1pKCWTYyuIF6TH2FZ65 Tap5MrA135Ikp4/GIe3KTobckuDMV/InaBP8Pv3Xcfzu7zFgvBMbwwxuJRJA6fo2eCJP lhpSIl2wXbjkNbmriDKBM3LLKp5PpR8iOdqXO+xV9tGrIXXG4PY9FKU5yZs3UStb+eMe S/Y7KdLorB2xTL04al87AKOP3akvR708+lPR1tsVFVjiJzEpTzCk+l5fOXkIiCRAjrYQ rzSQ==
X-Gm-Message-State: APjAAAV8wcbmlivBCAUIICtEHFnPp7/+UNlxkioqHlHgYtoADUi2myJt teY66Q85QTT/+KiZWNPlpH8YVwoAFUX9KoM+2SjbzUb4xnVpSI+4uqMKZNlXDORHXkTS4AO8YOC ncDod5bsGwON0Kg==
X-Google-Smtp-Source: APXvYqyG50a4GDZ64b/1Pc1hlTm0EYW20HXLs0d4D48cOjn4GOL7P5icqLgdjjnGh5T8NWKvnJ70bHqfOA/wBC8saCE=
X-Received: by 2002:a05:6638:6b2:: with SMTP id d18mr202377jad.61.1567631278795; Wed, 04 Sep 2019 14:07:58 -0700 (PDT)
MIME-Version: 1.0
References: <156757720342.20663.3055037033818226992.idtracker@ietfa.amsl.com> <CA+k3eCSH5pkMkqBUmcENSdc3kDB0z3kpZoVGrPdB2hbsXvV8Bg@mail.gmail.com> <CALaySJJKt7UM7Xq-azgh1eF8hoBwvf+xatdC-PTeSOYvFBsieA@mail.gmail.com>
In-Reply-To: <CALaySJJKt7UM7Xq-azgh1eF8hoBwvf+xatdC-PTeSOYvFBsieA@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 04 Sep 2019 15:07:31 -0600
Message-ID: <CA+k3eCQzTDChVPVZiDPykV7GqU_ibpG9g8Av4Rr+uqd1gtBUsg@mail.gmail.com>
To: Barry Leiba <barryleiba@computer.org>
Cc: Adam Roach <adam@nostrum.com>, draft-ietf-oauth-resource-indicators@ietf.org, oauth-chairs@ietf.org, The IESG <iesg@ietf.org>, oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000830ef20591c0990e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/kuzKrkUBXJ1XYNSEvy5PrJyhx9Q>
Subject: Re: [OAUTH-WG] Adam Roach's No Objection on draft-ietf-oauth-resource-indicators-05: (with COMMENT)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Sep 2019 21:08:02 -0000

Thanks Barry, I kinda like it. Although I'm a bit hesitant to make a change
like that at this stage. I guess I'd be looking for a little more buy-in
from folks first. Though it's not actually a functional breaking change. So
maybe okay to just go with.

On Wed, Sep 4, 2019 at 2:54 PM Barry Leiba <barryleiba@computer.org> wrote:

> > Yeah, with query parameters lacking the hierarchical semantics that the
> path component has, it is much less clear. In fact, an earlier revision of
> the draft forbid the query part as I was trying to avoid the ambiguity that
> it brings. But there were enough folks with some use case for it that it
> made its way back in. While I am sympathetic to the point you're making
> here, I'd prefer to not codify the practice any further by way of example
> in the document.
>
> Is it perhaps reasonable to discourage the use of a query component
> while still allowing it?  Maybe a "SHOULD NOT", such as this?:
>
> OLD
>       Its value MUST be an absolute URI, as specified by
>       Section 4.3 of [RFC3986], which MAY include a query component but
>       MUST NOT include a fragment component.
> NEW
>       Its value MUST be an absolute URI, as specified by
>       Section 4.3 of [RFC3986].  The URI MUST NOT include
>       a fragment component.  It SHOULD NOT include a query
>       component, but it is recognized that there are cases that
>       make a query component useful.
> END
>
> What do you think?
>
> Barry
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._

v2.23.0 | Report a Bug | By Email