The OAuth URI registry
<https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xml#uri>
on the OAuth Parameters
<https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xml>
registry page was established by RFC 6755, "An IETF URN Sub-Namespace for OAuth"
<https://www.rfc-editor.org/rfc/rfc6755.html>, which says it "establishes
an IETF URN Sub-namespace for use with OAuth-related specifications." The
subnamespace of "urn:ietf:params:oauth:" (which I got wrong by omitting the
"ietf:" part in my prior message, apologies) was created stating in the
intro <https://www.rfc-editor.org/rfc/rfc6755.html#section-1> that "OAuth
relevant parameters will be established underneath it." The presence of the
word "oauth" in the URN Sub-namespace itself also implies some relationship
to OAuth.

COSE and COSE keys and their thumbprints are not OAuth-related
specifications nor OAuth relevant parameters.

That's why I feel this is incorrect.

JWK Thumbprint URIs <https://www.rfc-editor.org/rfc/rfc9278.html> are
arguably also not OAuth-related. I'd be pretty sympathetic to that
argument. I'd also be sympathetic to an argument that that document
shouldn't even exist. But it's much too late to do anything about that now.
And JWKs are used in some OAuth-related specifications and the document
came up through the OAUTH WG so there is some relationship, if a rather
tenuous one.



On Mon, Oct 7, 2024 at 5:36 PM Orie Steele <[email protected]>
wrote:

> Brian, indeed this was done to align with the existing JWK Thumbprint URI.
>
> Why do you feel this is incorrect?
>
> Here is the JWK example:
>
> urn:ietf:params:oauth:jwk-thumbprint:NzbLsX...
>
> In an ideal world, I think names for keys should be shorter... and not
> protocol specific.
>
> Something like:
>
> urn:jkt:Nzb....
>
> urn:ckt:Nzb....
>
> But that's not the way these parameters have been registered historically.
>
> OS
>
> On Mon, Oct 7, 2024, 5:34 PM Brian Campbell <bcampbell=
> [email protected]> wrote:
>
>> I realize this comes quite late, sorry, probably too late for any action.
>> I find myself here due mostly to a tangentially related discussion in a
>> different standards-related organization.
>>
>> But can anyone explain the justification for the use of the OAuth URI
>> registry here? I realize the registry exists so it was probably a
>> convenient thing to do to carve out a URN sub-namespace. And I know that,
>> for better or worse, the JWK Thumbprint URI uses "urn:oauth:params:" so
>> this was likely just following what was done there. But the use of
>> "urn:oauth:params:" for a COSE Key Thumbprint URI really doesn't seem quite
>> right.
>>
>> On Thu, Apr 4, 2024 at 9:04 AM Tschofenig, Hannes <hannes.tschofenig=
>> [email protected]> wrote:
>>
>>> Hi David,
>>>
>>> I hope it is OK for me to do the expert review given that I am also an
>>> author of the specification.
>>>
>>> I checked the text in the IANA registry of the draft against the body of
>>> the document and the request to add a new entry to the OAuth URI registry
>>> for the URN: urn:ietf:params:oauth:ckt is correct.
>>>
>>> Ciao
>>> Hannes
>>>
>>> PS: Could you remove the Arm email address from the IANA system?
>>>
>>> -----Original Message-----
>>> From: COSE <[email protected]> On Behalf Of David Dong via RT
>>> Sent: Wednesday, 13 March 2024 20:38
>>> Cc: [email protected]; [email protected]
>>> Subject: [COSE] [IANA #1361034] expert review for
>>> draft-ietf-cose-key-thumbprint (oauth-parameters)
>>>
>>> Dear Hannes Tschofenig (cc: cose WG),
>>>
>>> As the designated expert for the OAuth URI registry, can you review the
>>> proposed registration in draft-ietf-cose-key-thumbprint-04 for us? Please
>>> see
>>>
>>> https://datatracker.ietf.org/doc/draft-ietf-cose-key-thumbprint/
>>>
>>> The due date is March 27th, 2024.
>>>
>>> If this is OK, when the IESG approves the document for publication,
>>> we'll make the registration at:
>>>
>>> https://www.iana.org/assignments/oauth-parameters/
>>>
>>> With thanks,
>>>
>>> David Dong
>>> IANA Services Sr. Specialist
>>>
>>> _______________________________________________
>>> COSE mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/cose
>>>
>>
>> *CONFIDENTIALITY NOTICE: This email may contain confidential and
>> privileged material for the sole use of the intended recipient(s). Any
>> review, use, distribution or disclosure by others is strictly prohibited.
>> If you have received this communication in error, please notify the sender
>> immediately by e-mail and delete the message and any file attachments from
>> your computer. Thank you.*
>> _______________________________________________
>> COSE mailing list -- [email protected]
>> To unsubscribe send an email to [email protected]
>>
>
