IETF Logo Mail Archive

Re: [OAUTH-WG] AD review of draft-ietf-oauth-urn-sub-ns-02

Mike Jones <Michael.Jones@microsoft.com> Wed, 20 June 2012 16:14 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 346AB21F86D1 for <oauth@ietfa.amsl.com>; Wed, 20 Jun 2012 09:14:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.499
X-Spam-Level:
X-Spam-Status: No, score=-3.499 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, J_CHICKENPOX_52=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tTB83ZpaPMSt for <oauth@ietfa.amsl.com>; Wed, 20 Jun 2012 09:14:28 -0700 (PDT)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe002.messaging.microsoft.com [216.32.180.12]) by ietfa.amsl.com (Postfix) with ESMTP id 4940C21F86B6 for <oauth@ietf.org>; Wed, 20 Jun 2012 09:14:28 -0700 (PDT)
Received: from mail81-va3-R.bigfish.com (10.7.14.236) by VA3EHSOBE007.bigfish.com (10.7.40.11) with Microsoft SMTP Server id 14.1.225.23; Wed, 20 Jun 2012 16:13:02 +0000
Received: from mail81-va3 (localhost [127.0.0.1]) by mail81-va3-R.bigfish.com (Postfix) with ESMTP id BE03E4C0347; Wed, 20 Jun 2012 16:13:02 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC103.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -33
X-BigFish: VS-33(zzbb2dI98dI9371I1431J542M1432I1a09Jzz1202hzz1033IL8275dhz2fh2a8h668h839h944hd25hf0ah)
Received-SPF: pass (mail81-va3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC103.redmond.corp.microsoft.com ; icrosoft.com ;
Received: from mail81-va3 (localhost.localdomain [127.0.0.1]) by mail81-va3 (MessageSwitch) id 1340208780704195_17422; Wed, 20 Jun 2012 16:13:00 +0000 (UTC)
Received: from VA3EHSMHS002.bigfish.com (unknown [10.7.14.252]) by mail81-va3.bigfish.com (Postfix) with ESMTP id 9F249240050; Wed, 20 Jun 2012 16:13:00 +0000 (UTC)
Received: from TK5EX14HUBC103.redmond.corp.microsoft.com (131.107.125.8) by VA3EHSMHS002.bigfish.com (10.7.99.12) with Microsoft SMTP Server (TLS) id 14.1.225.23; Wed, 20 Jun 2012 16:12:59 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.53]) by TK5EX14HUBC103.redmond.corp.microsoft.com ([157.54.86.9]) with mapi id 14.02.0309.003; Wed, 20 Jun 2012 16:14:07 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Peter Saint-Andre <stpeter@stpeter.im>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Thread-Topic: [OAUTH-WG] AD review of draft-ietf-oauth-urn-sub-ns-02
Thread-Index: AQHNTt/sWKdca/SRw0Gp10lpJtZuBZcDJeCAgAA46HA=
Date: Wed, 20 Jun 2012 16:14:05 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436655FAA8@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <4FE1C16D.6010602@cs.tcd.ie> <4FE1C4A3.4090808@stpeter.im>
In-Reply-To: <4FE1C4A3.4090808@stpeter.im>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.32]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] AD review of draft-ietf-oauth-urn-sub-ns-02
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jun 2012 16:14:29 -0000

I agree that this should be standards track.

I agree that RFC Required is severe overkill.  Specification required or expert review would be fine.

I believe that we should delete the "please assign" functionality and require the registration to include the URN.  The defining specification should contain the URI to be registered.

I also agree that we need the "Specification document(s)" section of the template.  Authors, possibly see http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-11.1.1 for example wording to use.

The template is also missing the standard "Change controller" section.

Per your question (5) Stephen, possibly see the registrations in http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-12#section-6.  Authors, maybe using one of these as an example would help?

				-- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Peter Saint-Andre
Sent: Wednesday, June 20, 2012 5:40 AM
To: Stephen Farrell
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] AD review of draft-ietf-oauth-urn-sub-ns-02

On 6/20/12 6:26 AM, Stephen Farrell wrote:
> 
> Hi,
> 
> Many thanks for a nice short document!
> 
> I've a few questions though and suspect that a quick re-spin might be 
> needed, but let's see what the wg think about 'em first.
> 
> (1) Why Informational? Everything else at that level seems to be 
> specified in a standards track or BCP level RFC, and IETF Consensus is 
> required. [1] I think you have to do this as standards track. Did I 
> miss something?
> 
>    [1] http://www.iana.org/assignments/params/params.xml

I think you're right that standards-track makes sense here.

> (2) Do you *really* want RFC or specification required for all 
> registrations?  I don't care, but there is a trend away from that at 
> the moment since its been found to discourage registrations in a lot 
> of cases. Perhaps expert review would be ok?  No trying to push you 
> one way or the other, I just wanted to check.

Expert review seems fine; lighter processes are better here. If folks really want a spec, I'd prefer Specification Required to RFC Required or IETF Review.

> (3) If answer to (2) is yes: Section 5.1 says "Specification Required" 
> but section 3 said "RFC Required" and those differ.
> For example, an OASIS spec would not be ok if you say RFC required. I 
> don't know if you care, but you need to be consistent. (Or else I've 
> misread something;-)
> 
> (4) Isn't the template missing the reference to the RFC or other 
> specification that defines the URN?
> 
> (5) I don't get section 3, sorry;-) Can you give an example of a 
> class:id pair that'd be registered? Asking IANA to generate the id 
> part seems odd.

It's also not clear to me what is meant by "The token URI that identifies the registered component."

Peter

--
Peter Saint-Andre
https://stpeter.im/




_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email