Re: [OAUTH-WG] Mirja Kühlewind's Discuss on draft-ietf-oauth-device-flow-11: (with DISCUSS)
Mirja Kühlewind (IETF) <ietf@kuehlewind.net> Thu, 18 October 2018 10:34 UTC
Return-Path: <ietf@kuehlewind.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D67E130E44; Thu, 18 Oct 2018 03:34:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0d1T-92kteXO; Thu, 18 Oct 2018 03:34:43 -0700 (PDT)
Received: from wp513.webpack.hosteurope.de (wp513.webpack.hosteurope.de [IPv6:2a01:488:42:1000:50ed:8223::]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34BD1130DFC; Thu, 18 Oct 2018 03:34:43 -0700 (PDT)
Received: from nb-10688.ethz.ch ([82.130.103.20]); authenticated by wp513.webpack.hosteurope.de running ExIM with esmtpa id 1gD5dX-0000el-Sa; Thu, 18 Oct 2018 12:34:39 +0200
To: William Denniss <wdenniss=40google.com@dmarc.ietf.org>
Cc: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>, oauth <oauth@ietf.org>, oauth-chairs@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-oauth-device-flow@ietf.org
References: <153245825559.22685.11395607099141261021.idtracker@ietfa.amsl.com> <CAAP42hBhpTRsVQr7jr-YfBEttJ+grafxn4SEL_jfdYUOkwdA4g@mail.gmail.com>
From: "Mirja Kühlewind (IETF)" <ietf@kuehlewind.net>
Message-ID: <efea7743-269b-15c1-03d5-4a1b490ed53b@kuehlewind.net>
Date: Thu, 18 Oct 2018 12:34:39 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <CAAP42hBhpTRsVQr7jr-YfBEttJ+grafxn4SEL_jfdYUOkwdA4g@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------A3EB29A29CC992F238632CA6"
Content-Language: en-US
X-bounce-key: webpack.hosteurope.de;ietf@kuehlewind.net;1539858883;c117486e;
X-HE-SMSGID: 1gD5dX-0000el-Sa
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/zscQxWaVbLhBOd1_7uF17y8q8vM>
Subject: Re: [OAUTH-WG] Mirja Kühlewind's Discuss on draft-ietf-oauth-device-flow-11: (with DISCUSS)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Oct 2018 10:34:47 -0000
Hi William, sorry for my very late reply. I must have missed this update and just finally some had time to look through my open discusses. Thanks for addressing my comments quickly and adequately; I just cleared my discuss. Regarding the last point below, I think if that is an optimization the MAY is okay. Thanks and sorry again for the late response! Mirja On 02.08.18 02:24, William Denniss wrote: > Mirja, > > Thanks for your feedback. Version 12 has been posted which > incorporates much of your feedback. Replies inline: > > On Tue, Jul 24, 2018 at 11:50 AM, Mirja Kühlewind <ietf@kuehlewind.net > <mailto:ietf@kuehlewind.net>> wrote: > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Please specify more clearly the (default) polling behavior to > ensure that the > polling does neither overload the network, nor the server, or is never > terminated. Ideally provide default values and an upper bound for > the polling > frequency, as well as a timer to terminate polling if no reply is > received (and > no expiration time is given). See further details below. > > 1) Sec 3.3: "until the user completes the interaction, the code > expires, or > another > error occurs." > What if not expiration time is given (as this optional) and no > reply is ever > received? > > > The expiration time is now required. > > > 2) Sec 3.5: "the client should stop polling and react accordingly, for > example, by displaying an error to the user." > Maybe: > "the client MUST stop polling and SHOULD react accordingly, for > example, by displaying an error to the user." > > > Added, thanks! > > 3) sec 3.5 "If no interval was provided, the client > MUST use a reasonable default polling interval." > Can you please provide a default number for a "reasonable" polling > interval! > And in best case an upper bound! > > > We set a default of 5 seconds. > > > 4) sec 3.5: "...increasing the time between polls if a > "slow_down" error is received. " > Maybe use a separate normative sentence instead: > "The client SHOUD increase the time between polls if a > "slow_down" error is received." > Or MUST? If so how much? Can you given further (default) guidance. > > > We now document that every slow_down message should increase the > interval by 5 seconds. > > > 5) sec 3.5: "Clients MAY then choose to > start a new device authorization session." > Maybe make it clear that polling is stopped > "Clients MUST stop polling but MAY then choose to > start a new device authorization session." > > > This was revised, thank you! > > > 6) sec 3.5: "then the > device MAY wait until notified on that channel that the user has > completed the action before initiating the token request." > Why not SHOULD (or MUST) here? > > > This is a non-normative discussion of a potential optimization, > perhaps we should drop the normative keyword completely? > > The reason MAY was chosen is that the client would be free to follow > the rest of this document which allows for polling. > > Best, > William >
- [OAUTH-WG] Mirja Kühlewind's Discuss on draft-iet… Mirja Kühlewind
- Re: [OAUTH-WG] Mirja Kühlewind's Discuss on draft… William Denniss
- Re: [OAUTH-WG] Mirja Kühlewind's Discuss on draft… Mirja Kühlewind (IETF)