Re: [OAUTH-WG] AD Review: draft-ietf-oauth-resource-indicators-02

2019-07-17 Thread Roman Danyliw
Hi Brian! Thanks for this background and explanation. There was history here I didn’t know. With the benefit of this thread and private exchanges, the key takeaways for me are: ** the definition of 'resource' for 'token exchange' is identical in both drafts (draft-ietf-oauth-resource-indicat

Re: [OAUTH-WG] OAuth Digest, Vol 129, Issue 23

2019-07-17 Thread Rafal
ected resource can be used by any one of those protected resources to access any of the other protected resources."

Re: [OAUTH-WG] AD Review: draft-ietf-oauth-resource-indicators-02

2019-07-17 Thread Brian Campbell
Yeah, as you surmised, there is some history behind this. Basically draft-ietf-oauth-token-exchange predates draft-ietf-oauth-resource-indicators by a good long time (years) and with the hope and expectation that draft-ietf-oauth-token-exchange would move to RFC, I've avoided having a reference in

Re: [OAUTH-WG] AD Review: draft-ietf-oauth-resource-indicators-02

2019-07-17 Thread Roman Danyliw
Hi Brian! From: Brian Campbell [mailto:bcampb...@pingidentity.com] Sent: Wednesday, July 17, 2019 4:35 PM To: Roman Danyliw Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] AD Review: draft-ietf-oauth-resource-indicators-02 Thank you, Roman, for the review. Some replies are inline below. I'll aim to

Re: [OAUTH-WG] AD Review: draft-ietf-oauth-resource-indicators-02

2019-07-17 Thread Roman Danyliw
Hi! I forgot one more thing about this draft after re-reading draft-ietf-oauth-token-exchange. Per the IANA action in Section 4.1, I need help understanding the thinking to resolve this TODO: o Parameter usage location: authorization request, token request [[TODO: draft-ietf-oauth

Re: [OAUTH-WG] AD Review: draft-ietf-oauth-resource-indicators-02

2019-07-17 Thread Brian Campbell
Thank you, Roman, for the review. Some replies are inline below. I'll aim to push out a -03 addressing this stuff sometime not too long after the I-D submission embargo is lifted next week. On Tue, Jul 16, 2019 at 5:23 PM Roman Danyliw wrote: > Hi! > > The following is my AD review of draft-iet

Re: [OAUTH-WG] IETF105 OAuth WG Draft Agenda

2019-07-17 Thread Mike Jones
I’d be interested in hearing that presentation – particularly the “lessons” part. -- Mike From: OAuth On Behalf Of Richard Backman, Annabelle Sent: Wednesday, July 17, 2019 11:28 AM To: Dick Hardt ; Rifaat Shekh-Yusef Cc: oauth Subject:

[OAUTH-WG] AD Review: draft-ietf-oauth-jwt-introspection-response-03

2019-07-17 Thread Roman Danyliw
Hi! The following is my AD review of draft-ietf-oauth-jwt-introspection-response-03. (1) Section 4. Per introspection_encrypted_response_alg, how is either signing or encryption being requested? Is it by also including an introspection_signed_response_alg? If that's the case, it is worth e