Re: [OAUTH-WG] Working Group Last Call on OAuth 2.0 Discovery

Melvin Carvalho <melvincarvalho@gmail.com> Fri, 11 March 2016 11:21 UTC


On 18 February 2016 at 14:40, Hannes Tschofenig <hannes.tschofenig@gmx.net>
wrote:

> Hi all,
>
> This is a Last Call for comments on the OAuth 2.0 Discovery specification:
> https://tools.ietf.org/html/draft-ietf-oauth-discovery-01
>
> Since this document was only adopted recently we are running this last
> call for **3 weeks**.
>
> Please have your comments in no later than March 10th.
>

Just finished reviewing this.  Since it's 1 day past the comments deadline,
I'll just leave some high-level thoughts, based on how I may implement some
of this.  No need to respond.

1. I'd like to see a path supporting the increasingly popular W3C REC,
JSON-LD.

2. General feedback I've had since the inception of WebFinger was that it's
had decreasing adoption.  Perhaps an idea to remove reference.  Usage stats
would be interesting if public.

3. I feel the mandatory-ness of TLS/SSL slightly over the top.  I don't
think we are at HTTPS everywhere yet, and it's still a pain for the long
tail of developers.

I'll be interested to see this work in action.

>
>
> Ciao
> Hannes & Derek