3.1, 3.2, and 4.1, parameter definitions: None of these parameter definitions 
specify the syntax of the parameters defined, making understanding these quite 
confusing.  Yes, this is talked about later in the doc but there are not even 
forward references to where the definitions are completed in most cases.  
Please fully specify the parameters when they are defined.



3.1 req_aud: Doesn't this duplicate the "resource" parameter defined by 
https://tools.ietf.org/html/draft-ietf-oauth-resource-indicators-01?  If so, 
please delete this parameter.  If not, say how it is different and why the 
differences are necessary.



5 cnf in the introspection response: Which token is being referred to by the 
phrase "bound to the token"?  The access token?  The refresh token?  Another 
kind of token?  Please make this more specific.



6 CBOR Mappings.  The table contains the magic numbers 8, 17, 18, and 19.  
From what space are these numbers being allocated and what registry are they 
in?  Per my earlier reviews of the ace-authz spec, I believe that the ACE OAuth 
parameters should all be registered in the CWT Claims registry because of the 
possibility of them being used in signed requests in a manner analogous to 
https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-17.  The parameters need to 
be registered to avoid claim number conflicts.



Missing Examples:  The best thing you could do to help developers understand 
what these values are and how they use them is to add examples, just as was 
done in RFC 7800.  Please add examples of each of the parameters using the JSON 
representations of them.  Optionally, also add CBOR examples if you believe 
that they will convey important information to developers that the JSON 
examples don't.



                                                          Thank you,

                                                          -- Mike



-----Original Message-----
From: Ace <[email protected]> On Behalf Of Jim Schaad
Sent: Monday, October 8, 2018 2:35 PM
To: [email protected]
Subject: [Ace] WGLC for draft-ietf-ace-oauth-params



The chairs believe that the set of documents dealing with the OAuth framework 
for constrained environments is nearing the point that we should be able to 
advance it to the IESG for publication.  We therefore want to have a full list 
of issues that need to be dealt with at the Bangkok meeting.



This starts a 2 week WGLC for draft-ietf-ace-oauth-params



We know that the following issues are outstanding:



draft-ietf-ace-oauth-params:

*  No current known issues





Jim & Roman







_______________________________________________

Ace mailing list

[email protected]

https://www.ietf.org/mailman/listinfo/ace