Hi Warren, Brian, Thanks for your feedback, and for confirming that the semantics of the existing “iss” match those of the draft. In that case, I agree with you that the best resolution is to merge the two (so – update the existing registration so that it also points to this document, and indicates it can also appear in the authorization response).
I’ll remove my DISCUSS when the IANA update is done. Thanks, Francesca From: Brian Campbell <[email protected]> Date: Tuesday, 30 November 2021 at 19:32 To: Francesca Palombini <[email protected]> Cc: The IESG <[email protected]>, [email protected] <[email protected]>, [email protected] <[email protected]>, [email protected] <[email protected]> Subject: Re: [OAUTH-WG] Francesca Palombini's Discuss on draft-ietf-oauth-iss-auth-resp-03: (with DISCUSS) I strongly believe the use of 'iss' as the parameter name here is correct and appropriate. This draft isn't using it for something different - the parameter carries an identifier for the sender of the message, which is consistent in the context of use with the existing registry entry. Codifying the parameter name is central to the value of this draft and there are existing implementations/deployments using it. Changing the name now would be a breaking change with significant ramifications on interoperability. The organization of the registry is arguably less than ideal, yes. But that shouldn't force an unnecessary and costly change onto this simple draft that's addressing a real need. This draft should update the existing entry for 'iss' rather than replace it. On Mon, Nov 29, 2021 at 2:21 PM Francesca Palombini via Datatracker <[email protected]<mailto:[email protected]>> wrote: Francesca Palombini has entered the following ballot position for draft-ietf-oauth-iss-auth-resp-03: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-oauth-iss-auth-resp/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Thank you for the work on this document. Many thanks to Julian Reschke for the ART ART review: https://mailarchive.ietf.org/arch/msg/art/XfLbtK1eLb7s0Z6e_AqGgkoWny0/. I have one DISCUSS point that has to do with IANA considerations, and is hopefully easy to resolve. Francesca 1. ----- FP: I am sure the Designated Expert will bring this up, but "iss" is already defined as a OAuth Parameter, for authorization requests. I don't think it's a good idea to use the same parameter name, although in a different message of the exchange, for something different, as the registration defined in Section 5.2 seems to imply. I strongly recommend to change the name in this document. Or, if we can agree that the meaning is similar enough to the original "iss", merge the two IANA registrations (this would not be my preferred choice). _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
