Re: [OAUTH-WG] AD review of draft-ietf-oauth-urn-sub-ns-02

Mike Jones <> Wed, 20 June 2012 16:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 346AB21F86D1 for <>; Wed, 20 Jun 2012 09:14:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.499
X-Spam-Status: No, score=-3.499 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, J_CHICKENPOX_52=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id tTB83ZpaPMSt for <>; Wed, 20 Jun 2012 09:14:28 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 4940C21F86B6 for <>; Wed, 20 Jun 2012 09:14:28 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server id; Wed, 20 Jun 2012 16:13:02 +0000
Received: from mail81-va3 (localhost []) by (Postfix) with ESMTP id BE03E4C0347; Wed, 20 Jun 2012 16:13:02 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:; KIP:(null); UIP:(null); IPV:NLI;; RD:none; EFVD:NLI
X-SpamScore: -33
X-BigFish: VS-33(zzbb2dI98dI9371I1431J542M1432I1a09Jzz1202hzz1033IL8275dhz2fh2a8h668h839h944hd25hf0ah)
Received-SPF: pass (mail81-va3: domain of designates as permitted sender) client-ip=;; ; ;
Received: from mail81-va3 (localhost.localdomain []) by mail81-va3 (MessageSwitch) id 1340208780704195_17422; Wed, 20 Jun 2012 16:13:00 +0000 (UTC)
Received: from (unknown []) by (Postfix) with ESMTP id 9F249240050; Wed, 20 Jun 2012 16:13:00 +0000 (UTC)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Wed, 20 Jun 2012 16:12:59 +0000
Received: from ([]) by ([]) with mapi id 14.02.0309.003; Wed, 20 Jun 2012 16:14:07 +0000
From: Mike Jones <>
To: Peter Saint-Andre <>, Stephen Farrell <>
Thread-Topic: [OAUTH-WG] AD review of draft-ietf-oauth-urn-sub-ns-02
Thread-Index: AQHNTt/sWKdca/SRw0Gp10lpJtZuBZcDJeCAgAA46HA=
Date: Wed, 20 Jun 2012 16:14:05 +0000
Message-ID: <>
References: <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "" <>
Subject: Re: [OAUTH-WG] AD review of draft-ietf-oauth-urn-sub-ns-02
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 20 Jun 2012 16:14:29 -0000

I agree that this should be standards track.

I agree that RFC Required is severe overkill.  Specification required or expert review would be fine.

I believe that we should delete the "please assign" functionality and require the registration to include the URN.  The defining specification should contain the URI to be registered.

I also agree that we need the "Specification document(s)" section of the template.  Authors, possibly see for example wording to use.

The template is also missing the standard "Change controller" section.

Per your question (5) Stephen, possibly see the registrations in  Authors, maybe using one of these as an example would help?

				-- Mike

-----Original Message-----
From: [] On Behalf Of Peter Saint-Andre
Sent: Wednesday, June 20, 2012 5:40 AM
To: Stephen Farrell
Subject: Re: [OAUTH-WG] AD review of draft-ietf-oauth-urn-sub-ns-02

On 6/20/12 6:26 AM, Stephen Farrell wrote:
> Hi,
> Many thanks for a nice short document!
> I've a few questions though and suspect that a quick re-spin might be 
> needed, but let's see what the wg think about 'em first.
> (1) Why Informational? Everything else at that level seems to be 
> specified in a standards track or BCP level RFC, and IETF Consensus is 
> required. [1] I think you have to do this as standards track. Did I 
> miss something?
>    [1]

I think you're right that standards-track makes sense here.

> (2) Do you *really* want RFC or specification required for all 
> registrations?  I don't care, but there is a trend away from that at 
> the moment since its been found to discourage registrations in a lot 
> of cases. Perhaps expert review would be ok?  No trying to push you 
> one way or the other, I just wanted to check.

Expert review seems fine; lighter processes are better here. If folks really want a spec, I'd prefer Specification Required to RFC Required or IETF Review.

> (3) If answer to (2) is yes: Section 5.1 says "Specification Required" 
> but section 3 said "RFC Required" and those differ.
> For example, an OASIS spec would not be ok if you say RFC required. I 
> don't know if you care, but you need to be consistent. (Or else I've 
> misread something;-)
> (4) Isn't the template missing the reference to the RFC or other 
> specification that defines the URN?
> (5) I don't get section 3, sorry;-) Can you give an example of a 
> class:id pair that'd be registered? Asking IANA to generate the id 
> part seems odd.

It's also not clear to me what is meant by "The token URI that identifies the registered component."


Peter Saint-Andre

OAuth mailing list