Re: [OAUTH-WG] Better title for OAuth 2.0 JWT Authorization Request

2015-10-09 Thread John Bradley 
We could switch the order to say “JWT request to the Authorization Endpoint”, 
but that is a bit long.

John B.


> On Oct 9, 2015, at 12:23 PM, Nat Sakimura  wrote:
> 
> The reason for saying authorization request is that there are two types of 
> requests in RFC6749; authorization request and token request. This draft 
> deals with the former and thus named JAR.  
> 
> Nat
> 
> 2015年10月9日金曜日、Jim Manico >さんは書きました:
> The word authorization is implied by OAuth, consider "OAuth 2.0 JWT Request".
> 
> --
> Jim Manico
> @Manicode
> (808) 652-3805
> 
> On Oct 9, 2015, at 3:43 AM, Nat Sakimura  > wrote:
> 
>> Hi OAuthers:
>> 
>>  
>> 
>> One of the to do for https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-05 
>>  is to come up with 
>> a better title.
>> 
>> The current title “OAuth 2.0 JWT Authorization Request (JAR)”, is somewhat 
>> better than what it used to be, but if you can suggest a better name, I am 
>> all for it.
>> 
>> Please let me know if you have an idea.
>> 
>> Best,
>> 
>> --
>> 
>> Nat Sakimura > >
>> 
>> Nomura Research Institute, Ltd.
>> 
>>  
>> 
>> PLEASE READ:
>> 
>> The information contained in this e-mail is confidential and intended for 
>> the named recipient(s) only.
>> 
>> If you are not an intended recipient of this e-mail, you are hereby notified 
>> that any review, dissemination, distribution or duplication of this message 
>> is strictly prohibited. If you have received this message in error, please 
>> notify the sender immediately and delete your copy from your system.
>> 
>>  
>> 
>> ___
>> OAuth mailing list
>> OAuth@ietf.org 
>> https://www.ietf.org/mailman/listinfo/oauth 
>> 
> 
> 
> -- 
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/ 
> http://twitter.com/_nat_en 
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth



smime.p7s
Description: S/MIME cryptographic signature
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Better title for OAuth 2.0 JWT Authorization Request

2015-10-09 Thread Jim Manico 
But its all authorization, even the token request

--
Jim Manico
@Manicode
Secure Coding Education
+1 (808) 652-3805

> On Oct 9, 2015, at 5:23 PM, Nat Sakimura  wrote:
> 
> The reason for saying authorization request is that there are two types of 
> requests in RFC6749; authorization request and token request. This draft 
> deals with the former and thus named JAR.  
> 
> Nat
> 
> 2015年10月9日金曜日、Jim Manicoさんは書きました:
>> The word authorization is implied by OAuth, consider "OAuth 2.0 JWT Request".
>> 
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>> 
>>> On Oct 9, 2015, at 3:43 AM, Nat Sakimura  wrote:
>>> 
>>> Hi OAuthers:
>>> 
>>>  
>>> 
>>> One of the to do for https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-05 
>>> is to come up with a better title.
>>> 
>>> The current title “OAuth 2.0 JWT Authorization Request (JAR)”, is somewhat 
>>> better than what it used to be, but if you can suggest a better name, I am 
>>> all for it. 
>>> 
>>> Please let me know if you have an idea.
>>> 
>>> Best,
>>> 
>>> --
>>> 
>>> Nat Sakimura 
>>> 
>>> Nomura Research Institute, Ltd.
>>> 
>>>  
>>> 
>>> PLEASE READ:
>>> 
>>> The information contained in this e-mail is confidential and intended for 
>>> the named recipient(s) only.
>>> 
>>> If you are not an intended recipient of this e-mail, you are hereby 
>>> notified that any review, dissemination, distribution or duplication of 
>>> this message is strictly prohibited. If you have received this message in 
>>> error, please notify the sender immediately and delete your copy from your 
>>> system.
>>> 
>>>  
>>> 
>>> ___
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
> 
> 
> -- 
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Better title for OAuth 2.0 JWT Authorization Request

2015-10-09 Thread Nat Sakimura 
The reason for saying authorization request is that there are two types of
requests in RFC6749; authorization request and token request. This draft
deals with the former and thus named JAR.

Nat

2015年10月9日金曜日、Jim Manicoさんは書きました:

> The word authorization is implied by OAuth, consider "OAuth 2.0 JWT
> Request".
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Oct 9, 2015, at 3:43 AM, Nat Sakimura  > wrote:
>
> Hi OAuthers:
>
>
>
> One of the to do for
> https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-05 is to come up with
> a better title.
> The current title “OAuth 2.0 JWT Authorization Request (JAR)”, is
> somewhat better than what it used to be, but if you can suggest a better
> name, I am all for it. Please let me know if you have an idea.
>
> Best,
>
> --
>
> Nat Sakimura  >
>
> Nomura Research Institute, Ltd.
>
>
>
> PLEASE READ:
>
> The information contained in this e-mail is confidential and intended for
> the named recipient(s) only.
>
> If you are not an intended recipient of this e-mail, you are hereby
> notified that any review, dissemination, distribution or duplication of
> this message is strictly prohibited. If you have received this message in
> error, please notify the sender immediately and delete your copy from your
> system.
>
>
>
> ___
> OAuth mailing list
> OAuth@ietf.org 
> https://www.ietf.org/mailman/listinfo/oauth
>
>

-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-05

2015-10-09 Thread Nat Sakimura 
Actually, I believe that came from the restrictions on some of the wap
browsers. Now they are practically gone, it should be ok to remove the
restriction. Remember that the draft actually started back in 2007 :-)

2015年10月9日金曜日、さんは書きました:

> Nat,
>
> Could you please add reasons on why the 512 in this sentence
> "The entire Request URI MUST NOT exceed 512 ASCII characters"?
> It is in this section
> https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-05#section-4.2
>
> I assume it is hard to justify exactly this number and given that, I think
> this restriction should be removed.
>
> Kind regards
> -Axel
> ___
> OAuth mailing list
> OAuth@ietf.org 
> https://www.ietf.org/mailman/listinfo/oauth
>


-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-05

2015-10-09 Thread Axel.Nennker 
Nat,

Could you please add reasons on why the 512 in this sentence
"The entire Request URI MUST NOT exceed 512 ASCII characters"?
It is in this section 
https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-05#section-4.2 

I assume it is hard to justify exactly this number and given that, I think this 
restriction should be removed.

Kind regards
-Axel
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Better title for OAuth 2.0 JWT Authorization Request

2015-10-09 Thread Axel.Nennker 
https://tools.ietf.org/html/rfc6749#section-4.1.1 Authorization Request is 
explicit too.

Naming could be about the why or the what. JAR is in the what-is-is category.
“Signed and Encrypted Authorization Request” would be more in the why category.

I think JAR is not bad.

-A

From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Jim Manico
Sent: Freitag, 9. Oktober 2015 03:47
To: Nat Sakimura
Cc: oauth
Subject: Re: [OAUTH-WG] Better title for OAuth 2.0 JWT Authorization Request

The word authorization is implied by OAuth, consider "OAuth 2.0 JWT Request".
--
Jim Manico
@Manicode
(808) 652-3805

On Oct 9, 2015, at 3:43 AM, Nat Sakimura 
mailto:n-sakim...@nri.co.jp>> wrote:
Hi OAuthers:

One of the to do for https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-05 is 
to come up with a better title.
The current title “OAuth 2.0 JWT Authorization Request (JAR)”, is somewhat 
better than what it used to be, but if you can suggest a better name, I am all 
for it.
Please let me know if you have an idea.
Best,
--
Nat Sakimura mailto:n-sakim...@nri.co.jp>>
Nomura Research Institute, Ltd.

PLEASE READ:
The information contained in this e-mail is confidential and intended for the 
named recipient(s) only.
If you are not an intended recipient of this e-mail, you are hereby notified 
that any review, dissemination, distribution or duplication of this message is 
strictly prohibited. If you have received this message in error, please notify 
the sender immediately and delete your copy from your system.

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth