Re: [OAUTH-WG] Shepherd report for draft-ietf-oauth-dyn-reg

2015-01-29 Thread Hannes Tschofenig
Thanks for catching the typo. Regarding the IPR (or more copyright) there is an open issue that I was not able to resolve since neither Scott Bradner nor Jorge (the IETF lawyer) responded to me. I updated the write-up! Ciao Hannes On 01/29/2015 12:31 AM, Kathleen Moriarty wrote: > Hi Hannes, >

Re: [OAUTH-WG] Shepherd report for draft-ietf-oauth-dyn-reg

2015-01-29 Thread Kathleen Moriarty
Hi Hannes, Sent from my iPhone > On Jan 29, 2015, at 4:08 AM, Hannes Tschofenig > wrote: > > Thanks for catching the typo. > > Regarding the IPR (or more copyright) there is an open issue that I was > not able to resolve since neither Scott Bradner nor Jorge (the IETF > lawyer) responded to m

[OAUTH-WG] Misplaced Resource Owner in PKCE

2015-01-29 Thread Brian Campbell
In SPOP/PKCE §1.1 [1] the figure and explanation have the authorization request going to the "Resource Owner" and goes on to say that 'the resource owner responds as usual, but records "t(code_verifier)" and the transformation method.' That's not what the resource owner does. I know the protocol f

Re: [OAUTH-WG] Misplaced Resource Owner in PKCE

2015-01-29 Thread John Bradley
How about ++ +---+ ||--(A)-- Authorization Request --->| | ||+ t(code_verifier), t | Authorization | || |Endpoint | ||<-(B)- Aut

Re: [OAUTH-WG] Misplaced Resource Owner in PKCE

2015-01-29 Thread Brian Campbell
Works for me. The text below needs to be fixed up to match too. On Thu, Jan 29, 2015 at 3:14 PM, John Bradley wrote: > How about > > ++ +---+ > ||--(A)-- Authorization Request --->| | > ||+ t(c

Re: [OAUTH-WG] Misplaced Resource Owner in PKCE

2015-01-29 Thread John Bradley
++ +---+ ||--(A)-- Authorization Request --->| | ||+ t(code_verifier), t | Authorization | || |Endpoint | ||<-(B

[OAUTH-WG] unused || in PKCE

2015-01-29 Thread Brian Campbell
"The concatenation of two values A and B is denoted as A || B" is in https://tools.ietf.org/html/draft-ietf-oauth-spop-06#section-2 but the "||" notation is never actually used anywhere else in the document. ___ OAuth mailing list OAuth@ietf.org https://w

Re: [OAUTH-WG] Misplaced Resource Owner in PKCE

2015-01-29 Thread Brian Campbell
Good by me. On Thu, Jan 29, 2015 at 3:35 PM, John Bradley wrote: > >++ +---+ >||--(A)-- Authorization Request --->| | >||+ t(code_verifier), t | Authorization | >|

[OAUTH-WG] PKCE: SHA256(WAT?)

2015-01-29 Thread Brian Campbell
In §2 [1] we've got "SHA256(STRING) denotes a SHA2 256bit hash [RFC6234] of STRING." But, in the little cow town where I come from anyway, you hash bits/octets not character strings (BTW, "STRING" isn't defined anywhere but it's kind of implied that it's a string of characters). Should it say som

Re: [OAUTH-WG] PKCE: SHA256(WAT?)

2015-01-29 Thread Nat Sakimura
FYI, we are now tracking this issue at: https://bitbucket.org/Nat/oauth-spop/issue/32/clean-up-definitions 2015-01-30 8:15 GMT+09:00 Brian Campbell : > In §2 [1] we've got "SHA256(STRING) denotes a SHA2 256bit hash [RFC6234] > of STRING." > > But, in the little cow town where I come from anyway,