Thanks for your review, Paul.  My responses are inline below, prefixed by 
"Mike>".

-----Original Message-----
From: Paul Wouters via Datatracker <nore...@ietf.org>
Sent: Tuesday, October 1, 2024 6:34 PM
To: The IESG <i...@ietf.org>
Cc: draft-ietf-oauth-resource-metad...@ietf.org; oauth-cha...@ietf.org; 
oauth@ietf.org; rifaat.s.i...@gmail.com; rifaat.s.i...@gmail.com
Subject: Paul Wouters' No Objection on draft-ietf-oauth-resource-metadata-10: 
(with COMMENT)

Paul Wouters has entered the following ballot position for
draft-ietf-oauth-resource-metadata-10: No Objection

When responding, please keep the subject line intact and reply to all email 
addresses included in the To and CC lines. (Feel free to cut this introductory 
paragraph, however.)


Please refer to 
https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-metadata/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

La mia bella recensione


resource_signing_alg_values_supported
        No default algorithms are implied if this entry is omitted.

What does this imply? Does it mean a value can be supplied later? Or
that the request will never be able to succeed?

Mike> Like many things OAuth, if this information isn't provided, the 
participating parties will need to agree on supported values out of band.  For 
what it's worth, the same language is used multiple times in the resource 
server metadata parameter definitions in 
https://www.rfc-editor.org/rfc/rfc8414.html#section-2.

In Section 5.1 there is an error message, but unlike earlier in the
document, there seems to be no language support here. I guess that
is a shortcoming of RFC6750.

Mike> Yes, it is.  The good news, though, is that these error messages are 
intended as debugging aids for programmers and are not intended to be shown to 
end-users.  Therefore, the lack of internationalization is less of a concern.

I am also interested to hear the response to Orie's DISCUSS

Mike> Orie and I DISCUSSED, and he won me over.  You'll see my response with a 
PR allowing the use of query parameters in resource identifiers shortly.

                                Grazie,
                                -- Mike


_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

Reply via email to