Hi,
The discussion is ongoing but I will try to summarise the status.
In the current state the draft is supporting pretty good the use cases
of RDAP user interacting directly with RDAP server via the browser or
using command line tools.
The draft is not supporting the use cases of RDAP user interacting with
RDAP server via web application, neither client side nor server side.
Client side application support can be added pretty straightforward to
the specification with added language of redirect_uri and state
(analogue to the same features of OAuth2) and by specifying the
necessary behaviour in terms of CORS and appropriate Security
Considerations.
Server side applications are not supported by the current draft and not
really possible to add the support without a major change to the
specification. The main issue is the usage of the cookies, which cannot
be passed cross domain between the front-end doing the authorisation
with the RDAP server and the back-end doing the actual RDAP API
interactions.
In my opinion the WG shall get the consensus around whether these web
application related use-cases shall be supported in order to move
forward with the WGLC.
Kind regards,
Pawel
Am 04.10.22 um 15:42 schrieb Hollenbeck, Scott:
-----Original Message-----
From: regext <[email protected]> On Behalf Of James Galvin
Sent: Monday, October 3, 2022 8:40 AM
To: REGEXT WG <[email protected]>
Subject: [EXTERNAL] Re: [regext] WGLC: draft-ietf-regext-rdap-openid-17
Caution: This email originated from outside the organization. Do not click links
or open attachments unless you recognize the sender and know the content is
safe.
REMINDER:
This document is in WGLC and has only received support from its Editor and its
Document Shepherd.
To advance this document we need expressions of support from others to
advance this document to the IESG to be considered for publication as a
Proposed Standard.
WGLC remains open through Monday, 10 October. This document can not
advance without support.
[SAH] I'm currently having an off-list exchange with someone that might produce
changes to the draft. I'll encourage that reviewer to provide a summary once
he's comfortable doing so.
Scott
_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
