Hi Stephen,
Per your suggestion, I added text in the IANA Registration Template saying that
names can be for families of closely-related authentication methods. That way,
even if people don't read the spec, when they try to register values, they
should see the description.
I can't change the definition as you suggested, since that's actually quoted
from a different final specification. The good news, however, is that the next
sentence after the definition is about values typically being for families of
closely-related authentication methods, so I think we're covered there too.
Thanks again for the careful read, as always!
Cheers,
-- Mike
-----Original Message-----
From: Stephen Farrell [mailto:[email protected]]
Sent: Monday, March 13, 2017 8:28 AM
To: The IESG <[email protected]>
Cc: [email protected]; Hannes Tschofenig
<[email protected]>; [email protected]; [email protected];
[email protected]
Subject: Stephen Farrell's No Objection on draft-ietf-oauth-amr-values-07:
(with COMMENT)
Stephen Farrell has entered the following ballot position for
draft-ietf-oauth-amr-values-07: No Objection
When responding, please keep the subject line intact and reply to all email
addresses included in the To and CC lines. (Feel free to cut this introductory
paragraph, however.)
Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-amr-values/
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
Thanks for clarifying that amr represents classes of auth methods and not
(always) individual methods, that all makes more sense now;-)
I think you might usefully add the phrase "classes of" (or similar) to the
draft in a few places to help folks understand that, in particular, I spotted
two places where I think something like that'd be good:
1. in the definition, I'd suggest:
OLD:
amr
OPTIONAL. Authentication Methods References. JSON array of
strings that are identifiers for authentication methods used in
the authentication.
NEW:
amr
OPTIONAL. Authentication Methods References. JSON array of
strings that are identifiers for classes of authentication methods used in
the authentication.
2. In the IANA considerations and DE guidance, maybe make the name of the new
registry reflect that these are classes, in case someone gets confused only
having looked at the IANA pages without reading the RFC, and perhaps point the
DE guidance back to the top bit where you explain this stuff and add "classes
of" in a few places in the template to save the DEs having to explain that over
and over to people who just copy templates.
Thanks,
S.
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth