Hi Alexey,
FYI, the only place in the spec that case-insensitive comparisons exist are
comparisons done by the Designated Experts when considering IANA registrations.
If implementations had to do case-insensitive comparisons, then yes,
recommending toLowerCase() would absolutely make sense, but it's human beings
doing the case folding when evaluating proposed registrations. I'll also note
that this is exactly the same language used in the instructions to Designated
Experts in related registries. For instance, you can see it in use at these
(and many other) locations:
https://tools.ietf.org/html/rfc7515#section-9.1.1
https://tools.ietf.org/html/rfc7517#section-8.1.1
https://tools.ietf.org/html/rfc7518#section-7.1.1
https://tools.ietf.org/html/rfc7519#section-10.1.1
https://tools.ietf.org/html/rfc7800#section-6.2.1
Whereas the use of toLowerCase() in
https://tools.ietf.org/html/rfc8265#section-3.3.1 makes perfect sense, because
it's a transformation performed by computer programs.
That said, I'll leave it up to you. If you still want me to make a change, I'd
propose making this one: Change "Names may not match other registered names in
a case-insensitive manner unless the Designated Experts state that there is a
compelling reason to allow an exception" to "Names may not match other
registered names in a case-insensitive manner (one that would cause a match if
the Unicode toLowerCase() operation were applied to both strings) unless the
Designated Experts state that there is a compelling reason to allow an
exception".
If you still want a change, I'll add this parenthetical remark during the next
set of edits. (However, I'll wait for Adam to weigh in on his DISCUSS before
republishing.)
Let me know.
Thanks again,
-- Mike
-----Original Message-----
From: OAuth <[email protected]> On Behalf Of Alexey Melnikov
Sent: Wednesday, February 28, 2018 6:44 AM
To: The IESG <[email protected]>
Cc: [email protected]; [email protected]; [email protected]
Subject: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-09:
(with DISCUSS and COMMENT)
Alexey Melnikov has entered the following ballot position for
draft-ietf-oauth-discovery-09: Discuss
When responding, please keep the subject line intact and reply to all email
addresses included in the To and CC lines. (Feel free to cut this introductory
paragraph, however.)
Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/
----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------
Thank you for the well written IANA Considerations section. I have one comment
on it which should be easy to resolve:
The document doesn't seem to say anything about allowed characters in Metadata
names. When the document talks about "case-insensitive matching", it is not
clear how to implement the matching, because it is not clear whether or not
Metadata names are ASCII only. If they are not, then you need to better define
what "case insensitive" means.
You've made a change in section 7.1, which looks good. However there is still
the following text in 7.1.1:
Metadata Name:
The name requested (e.g., "issuer"). This name is case-sensitive.
Names may not match other registered names in a case-insensitive
I suggest replacing "in a case-insensitive manner" with something like "if when
applying Unicode toLowerCase() to both, they compare equal".
Or maybe keep "case-insensitive" and just add a sentence explaining what it is.
I think you should use toLowerCase(), as it is already recommended in other
IETF specs, like RFC 8265.
manner unless the Designated Experts state that there is a
compelling reason to allow an exception.
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
I am agreeing with Adam's DISCUSS. I believe it was addressed in the latest
version.
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
