I believe that the changes in
https://tools.ietf.org/html/draft-ietf-oauth-discovery-09 address the DISCUSS
and comments. Please review - ideally before the upcoming telechat.
Thanks again,
-- Mike
From: Mike Jones
Sent: Monday, February 26, 2018 11:03 PM
To: The IESG <[email protected]>; Alexey Melnikov <[email protected]>
Cc: [email protected]; [email protected]; [email protected]
Subject: RE: [OAUTH-WG] Alexey Melnikov's Discuss on
draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)
The attached drafts address the DISCUSSes from Adam and Alexey in the ways
proposed. A summary of the changes from -08 is:
* Revised the transformation between the issuer identifier and the
authorization server metadata location to conform to BCP 190, as suggested by
Adam Roach.
* Defined the characters allowed in registered metadata names and
values, as suggested by Alexey Melnikov.
* Changed to using the RFC 8174 boilerplate instead of the RFC 2119
boilerplate, as suggested by Ben Campbell.
* Acknowledged additional reviewers.
I've attached both source and .txt versions to facilitate comparison to -08.
Unless I hear additional suggestions for improvements by my end of business
Tuesday, I'll plan to publish this as -09.
Thanks all,
-- Mike
From: Mike Jones
Sent: Sunday, January 28, 2018 7:23 AM
To: The IESG <[email protected]<mailto:[email protected]>>; Alexey Melnikov
<[email protected]<mailto:[email protected]>>
Cc:
[email protected]<mailto:[email protected]>;
[email protected]<mailto:[email protected]>;
[email protected]<mailto:[email protected]>
Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on
draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)
Your understanding matches with the intent of the language from RFC 7638. I'll
plan to proceed on that basis then.
Thanks again,
-- Mike
From: Alexey Melnikov
Sent: Sunday, January 28, 7:04 AM
Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on
draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)
To: Mike Jones, The IESG
Cc:
[email protected]<mailto:[email protected]>,
[email protected]<mailto:[email protected]>,
[email protected]<mailto:[email protected]>
Hi Mike, On Wed, Jan 24, 2018, at 10:11 PM, Mike Jones wrote: > Thanks for the
useful review, Alexey. I propose that we use the same > character restrictions
that are described in > https://tools.ietf.org/html/rfc7638#section-6, which
are: > > (a) require that member names being registered use > only printable
ASCII characters excluding double quote ('"') and > backslash ('\') (the
Unicode characters with code points U+0021, > U+0023 through U+005B, and U+005D
through U+007E), This looks reasonable. > or > > (b) if new members are defined
that use other code > points, require that their definitions specify the exact
Unicode code > point sequences used to represent them. Furthermore, proposed >
registrations that use Unicode code points that can only be > represented in
JSON strings as escaped characters must not be > accepted. So just to double
check: it is Ok to register names in Greek or Cyrillic (for example) and they
will be compared in a case sensitive manner? > I also propose that we say that
member name comparison occurs in the > manner described in
https://tools.ietf.org/html/rfc7159#section-8.3. My understanding is that RFC
7159 recommends case-sensitive comparison and that is fine with me. > Will that
work for you, Alexey? Best Regards, Alexey > > Thanks, > -- Mike > >
-----Original Message----- > From: Alexey Melnikov
[mailto:[email protected]] > Sent: Wednesday, January 24, 2018 12:06 AM >
To: The IESG > Cc:
[email protected]<mailto:[email protected]>;
Hannes Tschofenig > ; [email protected]<mailto:[email protected]>; >
[email protected]<mailto:[email protected]>;
[email protected]<mailto:[email protected]> > Subject: Alexey Melnikov's Discuss on
draft-ietf-oauth-discovery-08: > (with DISCUSS and COMMENT) > > Alexey Melnikov
has entered the following ballot position for > draft-ietf-oauth-discovery-08:
Discuss > > When responding, please keep the subject line intact and reply to
all > email addresses included in the To and CC lines. (Feel free to cut this >
introductory paragraph, however.) > > > Please refer to
https://www.ietf.org/iesg/statement/discuss-criteria.html > for more
information about IESG DISCUSS and COMMENT positions. > > > The document, along
with other ballot positions, can be found here: >
https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/ > > > >
---------------------------------------------------------------------- >
DISCUSS: >
---------------------------------------------------------------------- > >
Thank you for the well written IANA Considerations section. I have one >
comment on it which should be easy to resolve: > > The document doesn't seem to
say anything about allowed characters in > Metadata names. When the document
talks about "case-insensitive > matching", it is not clear how to implement the
matching, because it is > not clear whether or not Metadata names are ASCII
only. If they are not, > then you need to better define what "case insensitive"
means. > > >
---------------------------------------------------------------------- >
COMMENT: >
---------------------------------------------------------------------- > > I am
agreeing with Adam's DISCUSS. > > >
_______________________________________________ > OAuth mailing list >
[email protected]<mailto:[email protected]> >
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
