There are at least two different sets of criteria that can be used at this point that I can think of.
The first is the registration is complete and understandable. Recommendations may be made to the template to make it either more complete or more understandable. This is the basic criteria that is used for the media types registry. The second is that the item being registered makes sense. This includes an evaluation of what is being registered. Is there a better way to do this? Is this harmful to the JOSE world? Do I think that the person doing the application is a complete idiot? This is similar to the criteria that is being used for the TLS extension library. There is a difference in the criteria that is being used in the two cases about what type of evaluation is being done. The first is basically a make it understandable. The second is basically a make it correct and usable and kill those things which are bad for the world. In the second case it makes sense to give a set of criteria that should be used for it is harmful. Given that there has been a long history of a section of the group arguing that new things should not be created, this would mean that the second is where I would expect the bar to be. However, if not stated then it can really on be the lower bar that is used. I don't know how much the oauth list has been used to do registrations. Other groups, such as the krb-wg, have found that without some type of criteria it has been much more difficult to decide what should be registered and what should not be registered. Jim > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > jose issue tracker > Sent: Wednesday, August 21, 2013 4:02 PM > To: [email protected]; > [email protected] > Cc: [email protected] > Subject: Re: [jose] #86: Section 7.2. JSON Web Key Set Parameters Registry > > #86: Section 7.2. JSON Web Key Set Parameters Registry > > > Comment (by [email protected]): > > Is there standard registration criteria language used in RFC that we could > consider? The current language is adapted from OAuth, with I believe > adapted it from another RFC. Or is the point of having experts that they're > trusted to make these judgment calls? > > -- > -------------------------+---------------------------------------------- > -------------------------+--- > Reporter: | Owner: draft-ietf-jose-json-web- > [email protected] | [email protected] > Type: defect | Status: new > Priority: major | Milestone: > Component: json-web- | Version: > key | Resolution: > Severity: - | > Keywords: | > -------------------------+---------------------------------------------- > -------------------------+--- > > Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/86#comment:1> > jose <http://tools.ietf.org/jose/> > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
