Hi Francesca, Warren, Brian, we have modified the IANA Considerations section in the just uploaded version -04 according to your feedback.
-Daniel Am 30.11.21 um 19:42 schrieb Francesca Palombini: > > Hi Warren, Brian, > > > > Thanks for your feedback, and for confirming that the semantics of the > existing “iss” match those of the draft. In that case, I agree with > you that the best resolution is to merge the two (so – update the > existing registration so that it also points to this document, and > indicates it can also appear in the authorization response). > > > > I’ll remove my DISCUSS when the IANA update is done. > > > > Thanks, > Francesca > > > > *From: *Brian Campbell <bcampb...@pingidentity.com> > *Date: *Tuesday, 30 November 2021 at 19:32 > *To: *Francesca Palombini <francesca.palomb...@ericsson.com> > *Cc: *The IESG <i...@ietf.org>, oauth@ietf.org <oauth@ietf.org>, > draft-ietf-oauth-iss-auth-r...@ietf.org > <draft-ietf-oauth-iss-auth-r...@ietf.org>, oauth-cha...@ietf.org > <oauth-cha...@ietf.org> > *Subject: *Re: [OAUTH-WG] Francesca Palombini's Discuss on > draft-ietf-oauth-iss-auth-resp-03: (with DISCUSS) > > I strongly believe the use of 'iss' as the parameter name here is > correct and appropriate. This draft isn't using it for something > different - the parameter carries an identifier for the sender of the > message, which is consistent in the context of use with the existing > registry entry. > > > > Codifying the parameter name is central to the value of this draft and > there are existing implementations/deployments using it. Changing the > name now would be a breaking change with significant ramifications on > interoperability. > > > > The organization of the registry is arguably less than ideal, yes. But > that shouldn't force an unnecessary and costly change onto this simple > draft that's addressing a real need. This draft should update the > existing entry for 'iss' rather than replace it. > > > > On Mon, Nov 29, 2021 at 2:21 PM Francesca Palombini via Datatracker > <nore...@ietf.org <mailto:nore...@ietf.org>> wrote: > > Francesca Palombini has entered the following ballot position for > draft-ietf-oauth-iss-auth-resp-03: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut > this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/blog/handling-iesg-ballot-positions/ > <https://www.ietf.org/blog/handling-iesg-ballot-positions/> > for more information about how to handle DISCUSS and COMMENT > positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-oauth-iss-auth-resp/ > <https://datatracker.ietf.org/doc/draft-ietf-oauth-iss-auth-resp/> > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Thank you for the work on this document. > > Many thanks to Julian Reschke for the ART ART review: > https://mailarchive.ietf.org/arch/msg/art/XfLbtK1eLb7s0Z6e_AqGgkoWny0/ > <https://mailarchive.ietf.org/arch/msg/art/XfLbtK1eLb7s0Z6e_AqGgkoWny0/>. > > I have one DISCUSS point that has to do with IANA considerations, > and is > hopefully easy to resolve. > > Francesca > > 1. ----- > > FP: I am sure the Designated Expert will bring this up, but "iss" > is already > defined as a OAuth Parameter, for authorization requests. I don't > think it's a > good idea to use the same parameter name, although in a different > message of > the exchange, for something different, as the registration defined > in Section > 5.2 seems to imply. I strongly recommend to change the name in > this document. > Or, if we can agree that the meaning is similar enough to the > original "iss", > merge the two IANA registrations (this would not be my preferred > choice). > > > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org <mailto:OAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/oauth > <https://www.ietf.org/mailman/listinfo/oauth> > > > */CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly > prohibited. If you have received this communication in error, please > notify the sender immediately by e-mail and delete the message and any > file attachments from your computer. Thank you./* > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth -- https://danielfett.de
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
