Hi all, I have two quick questions concerning IANA actions to be done for the OSCORE profile:
1) The framework (-params) and the profile are currently conflicting on the registration of parameters, and we need to fix that. In the framework, parameters that are sent from Client to AS (such as req_cnf) are registered in the OAuth Parameters Registry as having "Parameter Usage Location: token request". The OSCORE profile registers parameters sent from Client to RS (such as nonce1) with "Parameter Usage Location: token request". The possible "Parameter Usage Location" are "token request" "token response" "authorization request" "authorization response" (see https://tools.ietf.org/html/rfc6749#section-11.2.1 ). It seems that "authorization request/response" are to the Resource Owner, and "token request/response" are to the Authorization Server. I think the framework is using the right names, but I am not sure what other location to put there, I think there is no name for Client-to-RS and RS-to-Client in the registry right now. 2) The OSCORE profile defines a new registry, the OSCORE Security Context Parameters registry. The question is where to put this registry? My proposal is to put it under https://www.iana.org/assignments/core-parameters/core-parameters.xhtml . Any objections? Thanks, Francesca _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
