Return-Path: <jricher@mit.edu>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by ietfa.amsl.com (Postfix) with ESMTP id 3B5C6C151992;
	Thu,  3 Oct 2024 03:55:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level: 
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5
	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001,
	RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001,
	RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001,
	SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01,
	URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001]
	autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
	header.d=mit.edu
Received: from mail.ietf.org ([50.223.129.194])
	by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Zor8Ft1kYyDd; Thu,  3 Oct 2024 03:55:50 -0700 (PDT)
Received: from CY4PR05CU001.outbound.protection.outlook.com
 (mail-westcentralusazon11020089.outbound.protection.outlook.com
 [40.93.198.89])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ietfa.amsl.com (Postfix) with ESMTPS id 156AEC14F6EE;
	Thu,  3 Oct 2024 03:55:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=he9tFFe9WIdisHRngEmslKnzUM3vwgDGRiUeJ5qwYku5YXd/9sa6HVNvytLmEHiyfv3oiwktG2lP/5watZCGsSfL1aui9DIwzyfQVVUF3arD+sERkdxmxsPvqVbX2Nwaz5bxmKJYZOwruq9YMqt1QEmSMhPwbdOdVM5Th9sPXW3XfZ5s1bknKO1hamBPiQP/JvIAjEP9qNdFj6E5gWNbFtlzOs4szRpDqLN1adG/4SDhAfSJ86SqdGoPbQ68MkgPs/XSP3xy/t4t4dyLRB1frAKM3oSxZSWqc3/svgQLyhstDQLOAuWalr1KIL44Ixj9q+JHZQbyHKm9vXf13IEOaA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=OHFp1l12AlvB8Gv7w78pWJF5TzAtC480JN48JOEdk3s=;
 b=WU8gbCo8LP27AdAtPJreNmgBYFbQ3KkcuFdcBycyzk8GufHMP4zyY5R8BZriyTmxAuVvsadU7O/eLTOvhj+W3XCcHlF+y51Ogge5gkPvM8T7wnoMnJeBTbUE0y6Wm0veVChzxjLPaZauEKe167Tc/URh7Nbwo1NXYRHryv1w1U+Vk/xzidQPHLIcC1CtqVmQ70ikWI6EFcNclTFZUuTLZyO5EVgLSM+G84SurQaMG4IhITxQTNI/HhkBmGWsicqtLw9/bPHFxEZ2aPnaawbuVitwZdKaAjr+YHiRusmPOcIkXmsWs4FOKN5zqBWeQUC0SrzFkqqRtTBgOrNVQUXL/A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=mit.edu; dmarc=pass action=none header.from=mit.edu; dkim=pass
 header.d=mit.edu; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=OHFp1l12AlvB8Gv7w78pWJF5TzAtC480JN48JOEdk3s=;
 b=q9cqm1OvjZ5CKH8yxf5zbhgPb91m8c9mp9XchgA4RFJ2nJS1OMwUe2nC1e7XJXg7qogAgejKWe01iLsMvj0z7YEK/w3maw4QpojXwfY3xtJdKOqc1KgaFUamOuHtwBCSIUo8YsY7/ZYW9HmvVJxzP/1fActIrsHIsDWt3pZty78=
Received: from LV8PR01MB8677.prod.exchangelabs.com (2603:10b6:408:1e8::20) by
 PH0PR01MB7254.prod.exchangelabs.com (2603:10b6:510:102::24) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.7982.28; Thu, 3 Oct 2024 10:55:48 +0000
Received: from LV8PR01MB8677.prod.exchangelabs.com
 ([fe80::e7d6:999:270f:a820]) by LV8PR01MB8677.prod.exchangelabs.com
 ([fe80::e7d6:999:270f:a820%6]) with mapi id 15.20.7982.022; Thu, 3 Oct 2024
 10:55:47 +0000
From: Justin Richer <jricher@mit.edu>
To: Murray Kucherawy via Datatracker <noreply@ietf.org>, The IESG
	<iesg@ietf.org>, Murray Kucherawy <superuser@gmail.com>
Thread-Topic: [GNAP] Murray Kucherawy's No Objection on
 draft-ietf-gnap-resource-servers-09: (with COMMENT)
Thread-Index: AQHbFU7tpXYBKS4GdUWkN4s5q8t+krJ02pAh
Date: Thu, 3 Oct 2024 10:55:47 +0000
Message-ID: 
 <LV8PR01MB867786C52E2A3311E30E4482BD712@LV8PR01MB8677.prod.exchangelabs.com>
References: 
 <172793062149.1107581.5816855187699932558@dt-datatracker-7bbd96684-zjf54>
In-Reply-To: 
 <172793062149.1107581.5816855187699932558@dt-datatracker-7bbd96684-zjf54>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=mit.edu;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: LV8PR01MB8677:EE_|PH0PR01MB7254:EE_
x-ms-office365-filtering-correlation-id: 37352f56-74a4-4774-8f39-08dce399f02b
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: 
 BCL:0;ARA:13230040|366016|4022899009|376014|1800799024|38070700018;
x-microsoft-antispam-message-info: 
 =?us-ascii?Q?fKc5O/KpLQ2LbltkWDWXo4Rb+Os91gJ3Cm4C0K59rhgihjl9sew+N1AlJHKg?=
 =?us-ascii?Q?FyClMBpET4ACmLkLaCTnNNMx5X1O6wueIrIBoGcPQEjyiIIT90+MfV9MFsiI?=
 =?us-ascii?Q?yqNVtS1oaykR6Ap14uh/Ta9DfVvnB4ld7O6gPaNytRKvYnzq7vjWsIkI1xWp?=
 =?us-ascii?Q?1R1sXkyEKq2FF0tJ/42bXqrivOQt5ucij09f0+zK//k0uA/gQwbrTPIt60Up?=
 =?us-ascii?Q?KqjcAZaTnqWJWqe6uQSRR3toQlqLHkOnRHTrKezmsgFVqwuws0dYHlJ5gw3O?=
 =?us-ascii?Q?YiCeC8dPevf2O4MLHGQqWlLck5qbUrEYcTe292BvaTXFUfeNbz3nPxnXYtHO?=
 =?us-ascii?Q?xH86vt0m2222EzYbEjR5eF/e5+OhHd4ZtyrpiHseC580VOJAh6qKsSMW5UM8?=
 =?us-ascii?Q?Hymfqr5b7gPCwTtHH6/LneKWxYC2spRw50hN8yUNmOwr1lmJlrn53a0g4T2H?=
 =?us-ascii?Q?pnBJJread7/gRgyuImR5SdpOAQ4jfO06oAAMhlACaoOaI8Glc0NOJexDMcFq?=
 =?us-ascii?Q?CTN/NgBj5LsqaE1fC7sSCl5UdEoyjp7yhP/q0STmn1SPV076gJDjeRvMcl7k?=
 =?us-ascii?Q?bvb7vaOTQ6XWUuTtw8jHb2q4J8RDot1+IevMjUOa/C+Qj92VAu9mKtkLIZXf?=
 =?us-ascii?Q?A9ecQ/HxbuukoOGABufNoSb7XeFTDTaAJjb1C11j3fb2MhTlOzoGF6HO1DJG?=
 =?us-ascii?Q?v4S4Jxshl8wYj9OhEWWaMyvMfdlzq1awI4MC3Cn3XUvVc4/S/g4wKaiKTWJG?=
 =?us-ascii?Q?6CWYaRvIeUMVutY9rPrRSdqG3d5sMwSEp+8WOqUAH8WOgQzEcaolCu+p/zYP?=
 =?us-ascii?Q?P3V+VVBol81fCF6gJyIBzNDKO6CdxqF27DQVQDUaDO7smUSk86EW5RKwN883?=
 =?us-ascii?Q?mVKJigP1lzPV4Q8r8Md+6jKTyClz7t0qpUxqOk/plaPuvwdHIEOrd8nkXQOu?=
 =?us-ascii?Q?DOB3OFOZP5FqMbVkUTKVH5K52C6Fs/p40I3HdoGlvu8N0mn8ON4E+g2+7/ns?=
 =?us-ascii?Q?qwJ+60bx1U+vUmuNfaym3AGm2ex2UnyBmzytuO1cVVZG8uUiUhuMCwdA0Lfx?=
 =?us-ascii?Q?tbZtVPgjvxgx5QWZzgUA2hDDGKX4pC/6HvLtRMNAGcOZ0UoY9QSMUkcddJnA?=
 =?us-ascii?Q?ztT7DpdPT+S9OecXBKBdNz+wnKyX/rx9kifVAuJUW4qjONcjilvAUR4KGQO3?=
 =?us-ascii?Q?iotrUX4UNKvpbWQryQeHSvgXO1UW/dP+tjK0BSwTK/z1gExSuikux+bsu9lY?=
 =?us-ascii?Q?+Y7hSH8kD/UTmtGO0EUi+pY1Rr3/DRPIohLC8QQfNvtcnlxHxig7Xhk1d3qq?=
 =?us-ascii?Q?27OCFbEOM1LEBVy2eHIJAD6q5jLDSnFAcNpeqDDoHIR5ng=3D=3D?=
x-forefront-antispam-report: 
 CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LV8PR01MB8677.prod.exchangelabs.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(4022899009)(376014)(1800799024)(38070700018);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 
 =?us-ascii?Q?qa82inSCWo9q00QrQJ4TsyCMOnVtu/JowDEqm4FcUcHQ4SJ/sY0A9E4rk3nd?=
 =?us-ascii?Q?UJxR0CGrREQg/tFTBzfRDzBQX3+oHAMDJCJxw2MQqZa+PyynQs62hI9j8iFt?=
 =?us-ascii?Q?QD5ojTz+1Wvhx62lnW8zKxCX2Lv1kIWfApTlWFfeTwnm+aaf/9AbUBQb9r3K?=
 =?us-ascii?Q?Km0xbH93SqsHd3fJ3zsmKYGUf7fuZfJuOg+ISnTe+RKl41WjRVCyZ9l2cvCE?=
 =?us-ascii?Q?a9LYdEvtgrC41MhPKt95RAutaP2JYDZRanxp17VyOQZdH4nBvgQsjOq1wiwt?=
 =?us-ascii?Q?YEHJXgbJlxIxI3abYm3V0y//DgKDhfERCEdwFZ7Hl3XSkS/3gs+lQUnkZD49?=
 =?us-ascii?Q?V05aL8XuHnh81XjpqabUxmAQLbDR5bDf/mY20r0mfJ4d/t1zZ5vv0QtrK1mn?=
 =?us-ascii?Q?DD8pfUGiHz+xPaV2crCQSptWkHIAizG05g0nHPGWjohdV4GcY8JxkF+jO61Y?=
 =?us-ascii?Q?hGMOQeNyCDNrZlRaaOPXGSSgfQUNE9D4nHp4AKgNohEpYCK3I8gyMAy7RoHl?=
 =?us-ascii?Q?uQBfDIeTScyTWOfZXBy+t+TPYmErUj8f+3D1jBe6Sw5XYBCe7nd395bKt2x4?=
 =?us-ascii?Q?cvkt+QdMOHDLC/fKeU8y79qIM3TnGmV02mSx9mj+big93u1r1fInZhlWz/jl?=
 =?us-ascii?Q?h8Th/VGMBsEQ6p8OV7NDcIAa/g5tB+8OQjS0mOA7xQMeSfPSlFrdjdaE/RFz?=
 =?us-ascii?Q?6/ZpEMc3mtkOb2sD+nx8Wyj2SBvVRKoYwATNepiAveQvBRMzl4NGNAoJEsw5?=
 =?us-ascii?Q?U+6X97IFy9AYfO/f9h3V3tQoK0M7kUQqYevj5tAjeQ8rXumrnnE8/NwTQgJa?=
 =?us-ascii?Q?NJebczS8X9fTUcc2wp+6l2HEK27rsReLJr2mvuTvtX9ANYAuCciyL28gUcNx?=
 =?us-ascii?Q?vy04Gg1paqQHwbwlTGj22+whdrYy8rE28/RxUtpRGqtk7Aa61I64Lpf6rplq?=
 =?us-ascii?Q?fP8gN0T76l3XgplAZytEeZLFmw3Ct9RKuGJOSGBHR/GIpEzNNlShUVN9K2T5?=
 =?us-ascii?Q?wg8jPt0iTYacEHVRPh0IXOkNrvGUiZoymRLISvUulAj1KVdjJkF+7eZkAHwd?=
 =?us-ascii?Q?SbxJuKiETSrHvU0JdUNH4WKXwjQjSjgKUs23UL+hrF7r9YsxorFm6ZlWEDPu?=
 =?us-ascii?Q?Mv8gmWEOEQC3p1IE8B5P0wItHaXijogT5xAlJBauo5lSfxatUqJX9XmW2khw?=
 =?us-ascii?Q?zF4GyBRIKE5iX30K83i2lsE4gqkANjr6dDn06VvexrFgKdnnRXwwwE348hFT?=
 =?us-ascii?Q?toHzkZ16oxs1P7FFdUZLkgybpSZ0sSBlsivX57xdheJK6LYVVdskOD9Nhmd4?=
 =?us-ascii?Q?b39XYiCehSOorv6TadZCAVBnwnTNkvA80ipEvT9ujqY1VwTMV3vj4nqCNz+U?=
 =?us-ascii?Q?Pp4N9dnrkk8aqHeXpIIqnndP/3EpeSBaUNkOC1X4mR+lYqzW3/8lQfAD2v3R?=
 =?us-ascii?Q?0KBVxa0TjHVtwqSyb/OGgHGVEa0Az96ZsSOQRcG7lzfHcCGxvhO5iN1ovikS?=
 =?us-ascii?Q?XzeVlL4/jEY3wcsufqHQAPE1xxtISQPWJRZbMqkEAFJ4XN07iL51BeAM7P94?=
 =?us-ascii?Q?fr2/Dyaza7TxgSZa/eg=3D?=
Content-Type: multipart/alternative;
	boundary="_000_LV8PR01MB867786C52E2A3311E30E4482BD712LV8PR01MB8677prod_"
MIME-Version: 1.0
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LV8PR01MB8677.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 37352f56-74a4-4774-8f39-08dce399f02b
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Oct 2024 10:55:47.8340
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 
 3KBdKyODihHVWJSYvKc+b4NBSuf8MddMzP4vW9l4AvA5hzVU1BHeVWt4KBeH/HAC
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR01MB7254
Message-ID-Hash: HNNFZ5MQDVALCTYUXVWG3BNSDVW2OXXZ
X-Message-ID-Hash: HNNFZ5MQDVALCTYUXVWG3BNSDVW2OXXZ
X-MailFrom: jricher@mit.edu
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: "draft-ietf-gnap-resource-servers@ietf.org"
 <draft-ietf-gnap-resource-servers@ietf.org>,
 "gnap-chairs@ietf.org" <gnap-chairs@ietf.org>,
 "txauth@ietf.org" <txauth@ietf.org>, "leifj@mnt.se" <leifj@mnt.se>
X-Mailman-Version: 3.3.9rc5
Precedence: list
Subject: =?utf-8?q?=5BGNAP=5D_Re=3A_Murray_Kucherawy=27s_No_Objection_on_draft-ietf-g?=
 =?utf-8?q?nap-resource-servers-09=3A_=28with_COMMENT=29?=
List-Id: GNAP <txauth.ietf.org>
Archived-At: 
 <https://mailarchive.ietf.org/arch/msg/txauth/yUGQTlx1_ZQjJEPEYvrAWO8AdFc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Owner: <mailto:txauth-owner@ietf.org>
List-Post: <mailto:txauth@ietf.org>
List-Subscribe: <mailto:txauth-join@ietf.org>
List-Unsubscribe: <mailto:txauth-leave@ietf.org>

--_000_LV8PR01MB867786C52E2A3311E30E4482BD712LV8PR01MB8677prod_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

The entire body is always included in the signature, so this recommendation=
 is whether the field is included in the body itself. I feel that this is c=
lear given the wider context of gnap but I might be making too many assumpt=
ions - do you have a recommendation for re wording this to avoid ambiguity?

Thank you,

- Justin
________________________________
From: Murray Kucherawy via Datatracker <noreply@ietf.org>
Sent: Thursday, October 3, 2024 12:43 AM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-gnap-resource-servers@ietf.org <draft-ietf-gnap-resource-ser=
vers@ietf.org>; gnap-chairs@ietf.org <gnap-chairs@ietf.org>; txauth@ietf.or=
g <txauth@ietf.org>; leifj@mnt.se <leifj@mnt.se>
Subject: [GNAP] Murray Kucherawy's No Objection on draft-ietf-gnap-resource=
-servers-09: (with COMMENT)

Murray Kucherawy has entered the following ballot position for
draft-ietf-gnap-resource-servers-09: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-=
ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-gnap-resource-servers/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

The document status question in the shepherd writeup was not completed.

Thanks to Rich Salz for his ARTART review.

Possibly an odd question, which you can blame on my DKIM background, but in
Section 3.3:

(BEGIN)
The RS signs the request with its own key and sends the value of the access
token as the body of the request as a JSON object with the following member=
s:

[...]

proof (string): RECOMMENDED. The proofing method used by the client instanc=
e to
bind the token to the RS request. The value MUST be in the GNAP Key Proofin=
g
Methods registry.

[...]

{
    "access_token": "OS9M2PMHKUR64TB8N6BW7OZB8CDFONP219RP1LT0",
    "proof": "httpsig",
    "resource_server": "7C7C4AZ9KHRS6X63AJAO"
}
(END)

Is the RECOMMENDED referring to the presence of "proof", or its inclusion i=
n
what gets hashed for the signature?



--
TXAuth mailing list -- txauth@ietf.org
To unsubscribe send an email to txauth-leave@ietf.org

--_000_LV8PR01MB867786C52E2A3311E30E4482BD712LV8PR01MB8677prod_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body>
<div style=3D"font-family: inherit; font-size: inherit; color: rgb(0, 0, 0)=
; background-color: transparent;">
</div>
<div>The entire body is always included in the signature, so this recommend=
ation is whether the field is included in the body itself. I feel that this=
 is clear given the wider context of gnap but I might be making too many as=
sumptions - do you have a recommendation
 for re wording this to avoid ambiguity?</div>
<div><br>
</div>
<div>Thank you,&nbsp;</div>
<div><br>
</div>
<div>- Justin&nbsp;</div>
<hr style=3D"display:inline-block;width:98%" tabindex=3D"-1">
<div id=3D"divRplyFwdMsg" dir=3D"ltr"><font face=3D"Calibri, sans-serif" st=
yle=3D"font-size:11pt" color=3D"#000000"><b>From:</b> Murray Kucherawy via =
Datatracker &lt;noreply@ietf.org&gt;<br>
<b>Sent:</b> Thursday, October 3, 2024 12:43 AM<br>
<b>To:</b> The IESG &lt;iesg@ietf.org&gt;<br>
<b>Cc:</b> draft-ietf-gnap-resource-servers@ietf.org &lt;draft-ietf-gnap-re=
source-servers@ietf.org&gt;; gnap-chairs@ietf.org &lt;gnap-chairs@ietf.org&=
gt;; txauth@ietf.org &lt;txauth@ietf.org&gt;; leifj@mnt.se &lt;leifj@mnt.se=
&gt;<br>
<b>Subject:</b> [GNAP] Murray Kucherawy's No Objection on draft-ietf-gnap-r=
esource-servers-09: (with COMMENT)</font>
<div>&nbsp;</div>
</div>
<div class=3D"BodyFragment"><font size=3D"2"><span style=3D"font-size:11pt;=
">
<div class=3D"PlainText">Murray Kucherawy has entered the following ballot =
position for<br>
draft-ietf-gnap-resource-servers-09: No Objection<br>
<br>
When responding, please keep the subject line intact and reply to all<br>
email addresses included in the To and CC lines. (Feel free to cut this<br>
introductory paragraph, however.)<br>
<br>
<br>
Please refer to <a href=3D"https://www.ietf.org/about/groups/iesg/statement=
s/handling-ballot-positions/">
https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions=
/</a> <br>
for more information about how to handle DISCUSS and COMMENT positions.<br>
<br>
<br>
The document, along with other ballot positions, can be found here:<br>
<a href=3D"https://datatracker.ietf.org/doc/draft-ietf-gnap-resource-server=
s/">https://datatracker.ietf.org/doc/draft-ietf-gnap-resource-servers/</a><=
br>
<br>
<br>
<br>
----------------------------------------------------------------------<br>
COMMENT:<br>
----------------------------------------------------------------------<br>
<br>
The document status question in the shepherd writeup was not completed.<br>
<br>
Thanks to Rich Salz for his ARTART review.<br>
<br>
Possibly an odd question, which you can blame on my DKIM background, but in=
<br>
Section 3.3:<br>
<br>
(BEGIN)<br>
The RS signs the request with its own key and sends the value of the access=
<br>
token as the body of the request as a JSON object with the following member=
s:<br>
<br>
[...]<br>
<br>
proof (string): RECOMMENDED. The proofing method used by the client instanc=
e to<br>
bind the token to the RS request. The value MUST be in the GNAP Key Proofin=
g<br>
Methods registry.<br>
<br>
[...]<br>
<br>
{<br>
&nbsp;&nbsp;&nbsp; &quot;access_token&quot;: &quot;OS9M2PMHKUR64TB8N6BW7OZB=
8CDFONP219RP1LT0&quot;,<br>
&nbsp;&nbsp;&nbsp; &quot;proof&quot;: &quot;httpsig&quot;,<br>
&nbsp;&nbsp;&nbsp; &quot;resource_server&quot;: &quot;7C7C4AZ9KHRS6X63AJAO&=
quot;<br>
}<br>
(END)<br>
<br>
Is the RECOMMENDED referring to the presence of &quot;proof&quot;, or its i=
nclusion in<br>
what gets hashed for the signature?<br>
<br>
<br>
<br>
-- <br>
TXAuth mailing list -- txauth@ietf.org<br>
To unsubscribe send an email to txauth-leave@ietf.org<br>
</div>
</span></font></div>
</body>
</html>

--_000_LV8PR01MB867786C52E2A3311E30E4482BD712LV8PR01MB8677prod_--