Just to clarify, this thread is a call for adoption, not meant to discuss
the details of this particular draft.

Any issues with the draft can be raised as new threads. But right now, the
question posed to the list is whether the group thinks this document should
be adopted as a working group item.

Oh, and +1 from me :-)

Aaron Parecki
https://aaronparecki.com

On Wed, Jul 15, 2020 at 11:57 AM Warren Parad <wpa...@rhosys.ch> wrote:

> I only recently joined this WG DL, so maybe this was already discussed, but
> I have two things I'm confused/curious about:
>
> 1. Can we avoid using (1, 2, 3) on the left side of the diagram to
> describe, I'm not even sure what they are supposed to represent, not to
> mention the RO in the diagram doesn't really provide value (for me)
> relevant to the code grant flow. It's confusing to see these numerical
> identifiers twice in the same picture. But maybe there is something hidden
> in this that I'm missing, still 3a and 3b could be used to identify
> different legs of the same code path.
>
> 2. It seems recently more and more common to pass the access_token to some
> RS via a cookie, yet 7.2.1 says it defines two methods. I think we need
> some RFC2119
> <https://www.ietf.org/id/draft-parecki-oauth-v2-1-03.html#RFC2119> keywords
> here, to suggest that either SHOULD use one of these two, or MUST. And then
> optionally state whether or not we recommend or reject the use of cookies
> as a place for access tokens. It's also possible that the language threw me
> off, because would an access token in a cookie be a bearer token, but no
> matter, if I'm having this thought, then surely others have it as well,
> right?
>
> *Warren Parad*
> Secure your user data and complete your authorization architecture.
> Implement Authress <https://bit.ly/37SSO1p>.
> <https://rhosys.ch>
>
>
> On Wed, Jul 15, 2020 at 7:55 PM Dick Hardt <dick.ha...@gmail.com> wrote:
>
>> +1
>>
>> On Wed, Jul 15, 2020 at 10:42 AM Rifaat Shekh-Yusef <
>> rifaat.s.i...@gmail.com> wrote:
>>
>>> All,
>>>
>>> This is a *call for adoption* for the following *OAuth 2.1* document as
>>> a WG document:
>>> https://www.ietf.org/id/draft-parecki-oauth-v2-1-03.html
>>>
>>> Please, provide your feedback on the mailing list by *July 29th.*
>>>
>>> Regards,
>>>  Rifaat & Hannes
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>>>
>>
>