Re: [OAUTH-WG] Francesca Palombini's No Objection on draft-ietf-oauth-rar-18: (with COMMENT)

2022-12-13 Thread Francesca Palombini
Hi Justin, Brian, Thank you for your answers! It makes sense not include it if you believe it would confuse the readers, just thought I would point it out in case you had not seen it. Francesca From: Justin Richer Date: Monday, 12 December 2022 at 19:48 To: Brian Campbell Cc: Francesca Palom

Re: [OAUTH-WG] [oauth-ext-review] [IANA #1261154] expert review for draft-ietf-oauth-rar (OAuth Parameters - OAuth Extensions Error)

2022-12-13 Thread Hannes Tschofenig
This revision is OK. Thanks for all the work. -Original Message- From: oauth-ext-review On Behalf Of Amanda Baber via RT Sent: Friday, December 9, 2022 7:25 PM Cc: wpa...@rhosys.ch; r...@cert.org; oauth@ietf.org; oauth-ext-rev...@ietf.org; Hannes Tschofenig ; bcampb...@pingidentity.com

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-13 Thread Dmitry Telegin
Hello Tobias, thanks for the draft! In regards to prior art, I'd like to mention Solid Project and their OIDC flavor, Solid-OIDC: https://solid.github.io/solid-oidc/#clientids-document They're using a similar approach (and have been for years), though with some differences: - client_id points to a

[OAUTH-WG] Step-up Authentication Shepherd Review

2022-12-13 Thread Rifaat Shekh-Yusef
Vittorio, Brian, The following is my document shepherd review for the step-up authentication document: https://www.ietf.org/archive/id/draft-ietf-oauth-step-up-authn-challenge-06.html *Comments* * Section 4, first sentence: You might have a reason for using MAY, instead of SHOULD, but it is n

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-13 Thread Tobias Looker
Hi Dmitry, Thanks for the feedback, it appears there is a lot of conceptual alignment with Solids approach. > while retrieving client metadata, AS should recognize not only > application/json, but application/ld+json (or maybe even application/*+json, > as per https://datatracker.ietf.org/doc/

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-13 Thread Aaron Parecki
While we're talking about prior art, I should also mention that the IndieAuth extension of OAuth 2 has been using URLs as client IDs since about 2012. (Disclosure: I am the editor of the spec) Since 2012, the spec has matured and was published as a W3C Note in 2018 while the W3C Social Web Working

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-13 Thread Tobias Looker
> While we're talking about prior art, I should also mention that the IndieAuth > extension of OAuth 2 has been using URLs as client IDs since about 2012. > (Disclosure: I am the editor of the spec) > Since 2012, the spec has matured and was published as a W3C Note in 2018 > while the W3C Socia