On Fri, Mar 29, 2024 at 10:46 PM Michael Jones <michael_b_jo...@hotmail.com> wrote:
> Thanks again for the detailed review, Atul! I’ve updated the PR > accordingly. Responses are inline below… > > > > *From:* OAuth <oauth-boun...@ietf.org> *On Behalf Of *Atul Tulshibagwale > *Sent:* Friday, March 29, 2024 6:31 PM > *To:* Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com>; oauth <oauth@ietf.org> > *Subject:* Re: [OAUTH-WG] WGLC for OAuth 2.0 Protected Resource Metadata > > > > 6. Section 5.1: Does this introduce any IANA consideration? How would > we know if some other spec is not using "resource_metadata" in some other > way in the WWW-Authenticate response header? (Unlikely, but if there is a > way to reserve it, we should) > > The IANA registrations will occur once the spec has completed WGLC and > publication is requested. That said, I’m not aware of a registry for > WWW-Authenticate values. (If anyone is aware of such a registry, please > let me know and I’ll add a registration.) > To my knowledge (having looked into it some during working on RFCs 9449 & 9470) there's no registry for WWW-Authenticate auth-param values. You could potentially somewhat follow what Step Up did in https://www.rfc-editor.org/rfc/rfc9470.html#section-3 which was to say that the auth-param value being introduced is applicable only to OAuth related authentication schemes. -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
