Re: [GNAP] GNAP Editors' Use of GitHub Issues

Yaron Sheffer <> Sun, 06 December 2020 17:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 39CBF3A0418 for <>; Sun, 6 Dec 2020 09:17:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dgxffjquZE6G for <>; Sun, 6 Dec 2020 09:17:04 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4864:20::334]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4F0A53A044E for <>; Sun, 6 Dec 2020 09:17:04 -0800 (PST)
Received: by with SMTP id e25so11560434wme.0 for <>; Sun, 06 Dec 2020 09:17:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=user-agent:date:subject:from:to:cc:message-id:thread-topic :references:in-reply-to:mime-version; bh=270R+UqkXoKcI5uIlbmrAcY9h1PfKlg0oG1+NIC3mZk=; b=LTOWUdm031K1IHCBfE7f7nqyf1ZVsid64oUVZIi+To8VCxtkGn0yf0HZr3c8nN9PCA jdHbZSdiZoWBEUZIKO8mCq0p5zt7E3FHi1UimlVRKcRp+Z3JnLD2MLEWItBGlHc4o588 e0n2H/Yueyqwr5/ljEtRAzDmYm7AplGaxiDi8nkRTzSSEwbyTQ+5Fu1MEkBuDCrlqcXL +eQ1M2Bcs1Zh8MNrJgOGeolifVCG1Qd6K3DJb5ZKmLZdghUJIJBD1EBcsM2umQvdfbDe F1wEADkOIohRuxC2r2mwECoAGYB9sUSIKuFA6KuBzEHII96PUZE10mhArey4EuoHqiXX Attg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:user-agent:date:subject:from:to:cc:message-id :thread-topic:references:in-reply-to:mime-version; bh=270R+UqkXoKcI5uIlbmrAcY9h1PfKlg0oG1+NIC3mZk=; b=l7u95JH0bi0AvRbYT92nvuOkBVNd0yO6isLqjBji55JiixoAlLoK1G1bWrt8211Qnv xULm3FJwEM/YGV7bOZPJqUz9PZDVk6a3mHHaeMnuBN+T6ZTh0/B1YEQDtbA3WgmF4PXw KWQwWYoivTPtl9mVhMroRGOTnP2VHsHTrM2FxvRRbG5bFFNCrBFv7UiA+rQKLAg3eovD FlIjOY/EyI4a/zidECAvSZdQ0OTNylZ2iHe9oLKnt753PMIFZt1vGshAiBN4Y3psWvlR BKFHToYYBHnJknX6apFLDzwIygQ5qHkp6C7kT0UFffSacdzgS0SZ4sWF57lL+Swa0rWP PxuA==
X-Gm-Message-State: AOAM531sHsL01w1TMAC6lA3RUU8cVG/KYVzyrPBC6jh4kWZmiZYCDdhu z01gf3//zRlv6hONSCpdfLA=
X-Google-Smtp-Source: ABdhPJySx7ZbRjGH/R4iUwiFI0OIhimcAgov0lUYTYbvQzNm/CzkYVLJXnAJ4ph3x8LaQuA8XvYdBQ==
X-Received: by 2002:a1c:730c:: with SMTP id d12mr14431559wmb.3.1607275022338; Sun, 06 Dec 2020 09:17:02 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id x66sm10945466wmg.26.2020. (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 06 Dec 2020 09:17:01 -0800 (PST)
User-Agent: Microsoft-MacOutlook/16.43.20110804
Date: Sun, 06 Dec 2020 19:16:59 +0200
From: Yaron Sheffer <>
To: Aaron Parecki <>, GNAP Mailing List <>
CC: Fabien Imbault <>, Justin Richer <>
Message-ID: <>
Thread-Topic: [GNAP] GNAP Editors' Use of GitHub Issues
References: <> <> <> <> <> <>
In-Reply-To: <>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3690127020_868984653"
Archived-At: <>
Subject: Re: [GNAP] GNAP Editors' Use of GitHub Issues
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: GNAP <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 06 Dec 2020 17:17:08 -0000

Regarding issues being closed with “needs text”, I don’t think people are going to scour the closed issues looking for interesting stuff 😊. As I said in the past, nobody cares for closed issues.


Instead, I suggest to take these issues to the list and ask people to provide text. If nobody does, say within a week, close the issue.





From: Aaron Parecki <>
Date: Friday, December 4, 2020 at 00:14
To: GNAP Mailing List <>
Cc: Fabien Imbault <>om>, Yaron Sheffer <>om>, Justin Richer <>
Subject: Re: [GNAP] GNAP Editors' Use of GitHub Issues


Thanks for all the discussion around this so far. On our editors call yesterday we talked about the "Postponed" label and have a new solution that hopefully addresses the feedback from this discussion.


The high-level goal with the "Postponed" label was to be able to triage issues quickly while also making it clear that closing an issue doesn't mean we are rejecting the topic of the issue. The "Postponed" label clearly didn't communicate that intent. We will delete the label and instead replace our use of it with both:


* Leaving an issue open and adding it to a milestone for the next upcoming IETF meeting

* Closing an issue and adding the "Needs Text" label


Adding an issue to the milestone of the next meeting will give us a timeline for making sure we come back to that issue, avoiding leaving a lot of hanging issues open with no clear path to move forward. Closing an issue with the "Needs Text" label indicates that there is nothing concrete to do with the issue at the moment, but if someone would like to propose specific text, the issue can be re-opened and discussed further. 


Justin and Fabien, feel free to chime in to clarify if needed!


- Aaron



On Mon, Nov 30, 2020 at 9:29 AM Justin Richer <> wrote:

With the editor hat on:


A new spec like this is exciting work, and it’s inevitably going to bring in lots of ideas of what it could do and what it could incorporate. These ideas are extremely valuable as they are what push new work into the realms of innovation and possibility and out of the status quo from which it sprang. But there’s a downside to this stream of ideas: most of them aren’t solid enough to incorporate in any way. They’re just loose ideas that maybe we want to consider, but they don’t have anything we can turn to and say “we should build that” or “we shouldn’t build that” since there isn’t any “that” to build. 


The editors have found that many of the issues currently filed seem to fit into this category. There might be an interesting idea in there, but without something specific to tie the idea to, we don’t have a lot to work with as editors, and there are a lot of other items that the group needs to decide and fix first. It’s an issue of triage.


The goal of the “Postponed” tag, as I understand how we’re using it, is to tag issues that might need some future discussion, but we aren’t there yet. Something tagged as “Postponed” but left open long term was meant to flag it as an important detail we should get back to, when we can. Something tagged “Postponed” and closed was meant to flag it as something we might want to revisit, but only when we’ve got something concrete to work against. It’s not meant to say that the group has decided not to do it, it’s meant as a way to acknowledge the input and potentially tie back to it in the future, even if the issue got closed.


It seems like the terminology of “Postponed” didn’t quite capture that intent, and honestly it might not be the best tool for us to use here. I think we we can work with the idea of IETF meeting-based milestones, as has been suggested by several people. The important outcome is that we don’t create a process that’s susceptible to getting buried in “wouldn’t it be nice if…” sentiments to the detriment of forward progress on a functioning protocol. Right now, we’ve got a lot of items that amount to possible future branches, and while we shouldn’t simple forget them, we shouldn’t be focusing energy on them until someone is able to take the effort to explore that branch. At such a time, we can open a new issue and PR’s for that, and link back to these historical artifacts for background and context. By tying such issues to an IETF meeting milestone, we can put some boundaries on items to keep them from languishing. When the milestone comes up, we can evaluate if there’s something to look at yet or not.


 — Justin

On Nov 27, 2020, at 4:03 AM, Fabien Imbault <> wrote:


Hi there, 


One of the potential problems we'd like to avoid is to have an ever growing list of open issues that we never close. 


The idea of having milestones (e.g. IETF110) might be a complementary way of managing priorities.


Editors will revert back to the list after the US vacation days.





On Thu, Nov 26, 2020 at 1:26 AM Tom Jones <> wrote:

i agree - drop postponed - if you can't say till when, then close. Issues can always be added by anyone at anytime.
Peace ..tom



On Wed, Nov 25, 2020 at 10:27 AM Yaron Sheffer <> wrote:

Commenting on the proposed process (chair hat off):


I think “postponed” issues should not be closed. Once something is closed, we should be reasonably confident that it is resolved for good. People rarely search through closed issues.


Moreover, IMO the label “postponed” is not actionable. Instead, I suggest to mark such issues with future milestones, e.g. “IETF110”, meaning that at this time we will review the issue. Otherwise, the “postponed” issues will probably suffer the destiny of all “low priority” issues – they will be ignored for months and eventually closed en masse. See [1] for GitHub milestones.


Otherwise I am fine with the rest of the process.








From: TXAuth <> on behalf of Aaron Parecki <>
Date: Wednesday, November 25, 2020 at 18:37
To: GNAP Mailing List <>
Subject: [GNAP] GNAP Editors' Use of GitHub Issues


The editors met yesterday to discuss the issues that were pulled out of the previous draft text and document a process for how to resolve these and future issues. We would like to explain how we plan on using labels on GitHub issues to keep track of discussions and keep things moving.

When there are substantive issues or pull requests, the editors will avoid merging or closing those outright, and instead mark them as "pending", so that these can be brought to the attention of the larger group. If no additional discussion happens on these, the merge or close action will be taken in 7 days. Note for this first round we are setting the deadline for the issues below as Dec 11th due to the US holiday and the fact that this is the first time using this process.

"Pending Merge"
When specific text is proposed in a PR (by anyone, not limited to the editors), and the editors believe this text reflects the consensus of the working group, this marks that the PR will be merged in 7 days unless there is a clear alternative proposal accepted by the working group.

"Pending Close"
When the editors believe an issue no longer needs discussion, we'll mark it "Pending Close". The issue will be closed in 7 days unless someone brings new information to the discussion. This tag is not applied to issues that will be closed by a specific pull request.

There are two additional labels we will use to flag issues to the group.

"Needs Text"
The editors suggest this issue needs additional text in the spec to clarify why this section is needed and under what circumstances. Without a concrete proposal of text to be included in the spec, this section will be removed in a future update.

This issue can be reconsidered in the future with a more concrete discussion but is not targeted for immediate concrete changes to the spec text. When used on its own, this label does not indicate that an issue is targeted to be closed. An issue may also be marked "Pending Close", and this is used so that we can distinguish closed issues between discussions that have concluded or things that we may want to revisit in the future. Remember that closed issues are not deleted and their contents are still findable and readable, and that new issues can reference closed issues.

With these labels in mind, here are the list of issues and their statuses we were able to discuss on our last editor's call. The action on these pending issues will be taken on Dec 11th to give the group enough time to review this list. For this first round, many of the issues are marked "Pending Close" as we're looking for low hanging fruit to prune the list of issues down. In the future, you can expect to see more "Pending Merge" issues as we're bringing proposed text to review by the WG.


* Generic claim extension mechanism

Pending Merge:

* Make access token mandatory for continuation API calls

Postponed and Pending Close:

* Fetchable Keys
* Including OpenID Connect Claims
* Application communication with back-end
* Additional post-interaction protocols

Pending Close:
* HTTP PUT vs POST for rotating access tokens
* Use of hash with unique callback URL
* Interaction considerations
* Expanding dynamic reference handles
* Post interaction callback nonce
* Unique callback URIs 
* Instance identifier
* Requesting resources by reference
* Mapping resource references


Aaron Parecki


-- TXAuth mailing list 

TXAuth mailing list

TXAuth mailing list

TXAuth mailing list