Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)
Mike Jones <Michael.Jones@microsoft.com> Wed, 24 January 2018 22:11 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF17D127201; Wed, 24 Jan 2018 14:11:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.021
X-Spam-Level:
X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I_N6K43CIVk1; Wed, 24 Jan 2018 14:11:46 -0800 (PST)
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-cys01nam02on0094.outbound.protection.outlook.com [104.47.37.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E17B31270FC; Wed, 24 Jan 2018 14:11:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=rt54Kxztn07qDvjvq0VQfeSOrZrm/h7bl0QZAUnN3Kk=; b=Np7QuslVkSYC15NJ4KbFEoQCwk6H2oausP/RWddSvq3cCjant0QTmX3k4Oh2EVVfKWwkTXuvbxp2MDN2nC+NfTD1pkmRZm+CV+09vS8yc3ZATh13YfMe9Bb4CaC5U7n3Yn49GYsu+XX+VqMA9mDDpI/07HiecMwo8txyTDQTeng=
Received: from DM5PR2101MB0934.namprd21.prod.outlook.com (52.132.131.164) by DM5PR2101MB1013.namprd21.prod.outlook.com (52.132.133.35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.464.0; Wed, 24 Jan 2018 22:11:43 +0000
Received: from DM5PR2101MB0934.namprd21.prod.outlook.com ([fe80::1cad:f264:b790:372a]) by DM5PR2101MB0934.namprd21.prod.outlook.com ([fe80::1cad:f264:b790:372a%4]) with mapi id 15.20.0428.002; Wed, 24 Jan 2018 22:11:43 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Alexey Melnikov <aamelnikov@fastmail.fm>, The IESG <iesg@ietf.org>
CC: "draft-ietf-oauth-discovery@ietf.org" <draft-ietf-oauth-discovery@ietf.org>, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, "oauth-chairs@ietf.org" <oauth-chairs@ietf.org>, "Hannes.Tschofenig@gmx.net" <Hannes.Tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)
Thread-Index: AQHTlOop6dUBqhyeJUqE43siwWseqKODkaAQ
Date: Wed, 24 Jan 2018 22:11:43 +0000
Message-ID: <DM5PR2101MB0934487B64A5CDA299AA529EF5E20@DM5PR2101MB0934.namprd21.prod.outlook.com>
References: <151678115299.24088.6785024209658543295.idtracker@ietfa.amsl.com>
In-Reply-To: <151678115299.24088.6785024209658543295.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [68.233.204.20]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR2101MB1013; 6:/iYmlLXdFtkpTSaWb0zxVuJNeC4sSPBxySVbrZ+4m2ik/TzdYCn98k7b/2eyfWsweY5vMnpjH0V04ExLLf6ow+wY5KpItM5SXT1WTzmWVoV0UjrKxznCTkW0McP1RVy4qrAhYzUcPqmdYo7X/gDruljci9LmDqo6huvqnlVR3457/uSOE06WwSu+W6mwEjrzPK6fo75Kcig23EXVXcjfW+sR3u48OputOlzB5goOLiofwd/Q87qU7a0nVFaJu6pwPpxFXlH2HyUTYcZiwNv9yV34qg0HluT/EYzlsC31vY86VS16iugkxW3OXD5lP20rvFwx224S3qcS7DlivVOU+q9VNc1q+rTjISnRkZxyH3XTt64OsQ4eqjJK0pE9wDNo; 5:yjGAvT8nJkHPNVtuvrcCDIjBfMhfYn1FmHv+uyXMpl2wrBgPEdomExobYS+pdTwxK4Ye5cuM/tCj7r0XbnasqcGFKzJmCvntv9eF3NRV8ms4X/i+tJ+pzbEl+p/m/IwEBMXsHj20ET6gwWji8rtKmW7JF/Q/XVWwEn1hTJAHecs=; 24:8MZsJ6J1RhuwAwZ9tgeEoEVrtK2fuzWb7vg/429SqdhU5/Hd1H3HXN9cCk/je6a/xiLoJ/mu/Uh3RhY0XioLv+o/2707iPJ2IiYGUxO7rHM=; 7:/idQXg1tKrQzXr8tAfT1dR+/c01TFqPSNWWvVbyM1ZxNxvsRRKp69bluWTeFRBX7DOIf8aqfsm1ouNvLMmoy06lABjQRkjOukF8ULUPxavHBvlFZgmtD+jCdm4vJyAu8Kdu26eHw70rOuLAGFhtT76dpuNz1mSj1nmuGW3uds03Jnm45X1yEPh+FPgU6ImaNakwTfDZBZFXCrUsewrFnjPdiW+J1zB5prYKY8t0L5ZK/DNyPV3Sy6IKbkXvQfoWM
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: e70543cd-d373-4fd3-f8c3-08d5637773c7
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(3008032)(2017052603307)(7193020); SRVR:DM5PR2101MB1013;
x-ms-traffictypediagnostic: DM5PR2101MB1013:
x-microsoft-antispam-prvs: <DM5PR2101MB1013767B56C7B26C4D8750E1F5E20@DM5PR2101MB1013.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(120809045254105)(248736688235697);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040501)(2401047)(5005006)(8121501046)(3231046)(2400081)(944501161)(93006095)(93001095)(10201501046)(3002001)(6055026)(61426038)(61427038)(6041288)(20161123558120)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123564045)(6072148)(201708071742011); SRVR:DM5PR2101MB1013; BCL:0; PCL:0; RULEID:; SRVR:DM5PR2101MB1013;
x-forefront-prvs: 056297E276
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(396003)(39380400002)(366004)(39860400002)(376002)(51914003)(13464003)(189003)(199004)(7696005)(305945005)(76176011)(25786009)(6246003)(4326008)(6506007)(53546011)(5250100002)(33656002)(6116002)(26005)(3846002)(99286004)(6346003)(2950100002)(102836004)(186003)(2906002)(5660300001)(478600001)(106356001)(14454004)(230783001)(72206003)(66066001)(966005)(2900100001)(97736004)(105586002)(8936002)(10290500003)(81166006)(3280700002)(3660700001)(81156014)(68736007)(8676002)(10090500001)(86362001)(7736002)(86612001)(110136005)(8666007)(6436002)(9686003)(316002)(55016002)(22452003)(6306002)(74316002)(8990500004)(53936002)(54906003)(345774005)(229853002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR2101MB1013; H:DM5PR2101MB0934.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-microsoft-antispam-message-info: ZMuitVoCQu6D075NLKcjeCuH3xOWB9TvaFpnFfMPForrW7wfwzqI9SqzCRVznVcR+kThfWegaKZqgzrPAQpVwg==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e70543cd-d373-4fd3-f8c3-08d5637773c7
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jan 2018 22:11:43.5973 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR2101MB1013
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/qNpopRCHYYzJjp_dEbM9p1LdLS0>
Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jan 2018 22:11:49 -0000
Thanks for the useful review, Alexey. I propose that we use the same character restrictions that are described in https://tools.ietf.org/html/rfc7638#section-6, which are: (a) require that member names being registered use only printable ASCII characters excluding double quote ('"') and backslash ('\') (the Unicode characters with code points U+0021, U+0023 through U+005B, and U+005D through U+007E), or (b) if new members are defined that use other code points, require that their definitions specify the exact Unicode code point sequences used to represent them. Furthermore, proposed registrations that use Unicode code points that can only be represented in JSON strings as escaped characters must not be accepted. I also propose that we say that member name comparison occurs in the manner described in https://tools.ietf.org/html/rfc7159#section-8.3. Will that work for you, Alexey? Thanks, -- Mike -----Original Message----- From: Alexey Melnikov [mailto:aamelnikov@fastmail.fm] Sent: Wednesday, January 24, 2018 12:06 AM To: The IESG <iesg@ietf.org> Cc: draft-ietf-oauth-discovery@ietf.org; Hannes Tschofenig <Hannes.Tschofenig@gmx.net>; oauth-chairs@ietf.org; Hannes.Tschofenig@gmx.net; oauth@ietf.org Subject: Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT) Alexey Melnikov has entered the following ballot position for draft-ietf-oauth-discovery-08: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Thank you for the well written IANA Considerations section. I have one comment on it which should be easy to resolve: The document doesn't seem to say anything about allowed characters in Metadata names. When the document talks about "case-insensitive matching", it is not clear how to implement the matching, because it is not clear whether or not Metadata names are ASCII only. If they are not, then you need to better define what "case insensitive" means. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I am agreeing with Adam's DISCUSS.
- [OAUTH-WG] Alexey Melnikov's Discuss on draft-iet… Alexey Melnikov
- Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft… Mike Jones
- Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft… Alexey Melnikov
- Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft… Mike Jones
- Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft… Mike Jones
- Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft… Mike Jones
- Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft… Alexey Melnikov