On 13/10/2014 16:13, Mike Jones wrote:
Thanks for your review Benoit. I'm adding the working group to the thread so
they're aware of your comments. Replies inline below...
-----Original Message-----
From: Benoit Claise [mailto:bcla...@cisco.com]
Sent: Monday, October 13, 2014 6:34 AM
To: The IESG
Cc: Tom Taylor; oauth-cha...@tools.ietf.org; draft-ietf-oauth-saml2-
bea...@tools.ietf.org
Subject: Benoit Claise's Discuss on draft-ietf-oauth-saml2-bearer-21: (with
DISCUSS and COMMENT)
Benoit Claise has entered the following ballot position for
draft-ietf-oauth-saml2-bearer-21: Discuss
When responding, please keep the subject line intact and reply to all email
addresses included in the To and CC lines. (Feel free to cut this introductory
paragraph, however.)
Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
http://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/
----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------
No objection on the document itself, but, as rightly noted by Tom Taylor in the
OPS-DIR review:
Process issue: IDnits complains of a normative reference to Informational
document RFC 6755. This was NOT noted in the Last Call announcement (but
was noted in the Shepherd writeup). No operational issue identified beyond
what is already covered by the Interoperability Considerations section.
As an example, in the case of
http://datatracker.ietf.org/doc/rfc7317/history/, I had to redo the IETF LC with
the appropriate statement (based on a DISCUSS from my fellow-AD).
We should be consistent here.
Barry Leiba had written in response to this "I think the right answer here is to
make 6755 an informative reference: it's not needed to understand this document, and is
only used as a reference to the document where the namespace was created." I agree
that this resolution would be fine.
Fine with me.
Regards, Benoit
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
Editorial Nits:
S2.2: The paragraph before the actual example uses terminology inconsistent
with RFC 6749:
s/authorization code grant/authorization grant/
Per my reply on October 6 to Tom Taylor's review which made the same comment,
actually, RFC 6749 uses both terms. Authorization grant is the generic term.
Authorization Code Grant (defined in Section 4.1 of 6749) is a specific kind of
authorization grant. The text is correct as-is.
Thanks again,
-- Mike
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
