Thanks for your review, Paul. My responses are inline below, prefixed by "Mike>".
-----Original Message----- From: Paul Wouters via Datatracker <nore...@ietf.org> Sent: Tuesday, October 1, 2024 6:34 PM To: The IESG <i...@ietf.org> Cc: draft-ietf-oauth-resource-metad...@ietf.org; oauth-cha...@ietf.org; oauth@ietf.org; rifaat.s.i...@gmail.com; rifaat.s.i...@gmail.com Subject: Paul Wouters' No Objection on draft-ietf-oauth-resource-metadata-10: (with COMMENT) Paul Wouters has entered the following ballot position for draft-ietf-oauth-resource-metadata-10: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-metadata/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- La mia bella recensione resource_signing_alg_values_supported No default algorithms are implied if this entry is omitted. What does this imply? Does it mean a value can be supplied later? Or that the request will never be able to succeed? Mike> Like many things OAuth, if this information isn't provided, the participating parties will need to agree on supported values out of band. For what it's worth, the same language is used multiple times in the resource server metadata parameter definitions in https://www.rfc-editor.org/rfc/rfc8414.html#section-2. In Section 5.1 there is an error message, but unlike earlier in the document, there seems to be no language support here. I guess that is a shortcoming of RFC6750. Mike> Yes, it is. The good news, though, is that these error messages are intended as debugging aids for programmers and are not intended to be shown to end-users. Therefore, the lack of internationalization is less of a concern. I am also interested to hear the response to Orie's DISCUSS Mike> Orie and I DISCUSSED, and he won me over. You'll see my response with a PR allowing the use of query parameters in resource identifiers shortly. Grazie, -- Mike _______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
