Hi!
Draft-ietf-oauth-jwsreq-17 is currently in "Approved-announcement to be
sent::Revised I-D Needed". I reviewed the Feb-2017 ballot and see that
everything appears to have been addressed but:
** Mirja: "Should this document maybe update rfc6749?" -- I saw no response on
this item. What is
Hi!
As a document I inherited in the "IESG:: Waiting for Writeup Internet-Drafts",
I conducted a second AD review. I have the following feedback:
(1) Add additional references to the text
(a) Section 2.1, bullet #2
- An "RS256" (RSA, 2048 bit) parameter value can be changed into
"HS
Hi Yaron!
Thanks for this quick update. It addresses my feedback. I'll advance the
document.
Roman
> -Original Message-
> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Yaron Sheffer
> Sent: Friday, June 07, 2019 2:18 PM
> To: oauth
> Subject: [OAUTH-WG] Fwd: New Version No
Hi!
I conducted a second AD review of draft-ietf-oauth-mtls per the AD hand-off.
I have the following additional feedback:
** Per ekr's earlier review at https://mozphab-ietf.devsvcdev.mozaws.net/D3657,
paraphrasing:
-- Section 2.1.2, How are these metadata parameters being obtained?
-- Sectio
Hi Brian!
My response is inline ...
From: Brian Campbell [mailto:bcampb...@pingidentity.com]
Sent: Monday, June 24, 2019 1:17 PM
To: Roman Danyliw
Cc: oauth
Subject: Re: [OAUTH-WG] Second AD Review: draft-ietf-oauth-mtls
Thanks for the additional review, Roman. I feel lucky, it's not
> -Original Message-
> From: iesg [mailto:iesg-boun...@ietf.org] On Behalf Of Adam Roach via
> Datatracker
> Sent: Tuesday, June 25, 2019 1:05 AM
> To: The IESG
> Cc: draft-ietf-oauth-jwt-...@ietf.org; hannes.tschofe...@arm.com; oauth-
> cha...@ietf.org; oauth@ietf.org
> Subject: Adam Ro
Hi!
The following is my AD review of draft-ietf-oauth-resource-indicators-02. The
document is in good shape.
(1) Section 2. Per "The parameter can carry the location of a protected
resource, typically as an https URL, or a more abstract identifier", is this
"abstract identifier" still an abso
Hi!
The following is my AD review of
draft-ietf-oauth-jwt-introspection-response-03.
(1) Section 4. Per introspection_encrypted_response_alg, how is either signing
or encryption being requested? Is it by also including an
introspection_signed_response_alg? If that's the case, it is worth e
and
instead of draft-ietf-oauth-token-exchange including the text defining
'resource' in Section 2.1, it would make a normative reference to Section 2 of
draft-ietf-oauth-resource-indicators?
Roman
> -Original Message-
> From: Roman Danyliw
> Sent: Tuesday, July 16, 2
Hi Brian!
From: Brian Campbell [mailto:bcampb...@pingidentity.com]
Sent: Wednesday, July 17, 2019 4:35 PM
To: Roman Danyliw
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] AD Review: draft-ietf-oauth-resource-indicators-02
Thank you, Roman, for the review. Some replies are inline below. I'll a
[mailto:bcampb...@pingidentity.com]
Sent: Wednesday, July 17, 2019 6:31 PM
To: Roman Danyliw
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] AD Review: draft-ietf-oauth-resource-indicators-02
Yeah, as you surmised, there is some history behind this. Basically
draft-ietf-oauth-token-exchange predates draft-i
Hi Brian!
From: Brian Campbell [mailto:bcampb...@pingidentity.com]
Sent: Friday, July 19, 2019 2:02 PM
To: Roman Danyliw
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] AD Review: draft-ietf-oauth-resource-indicators-02
Thanks Roman,
I'm attempting to bring this thread and our private exch
Hi Brian!
Thanks for the update in -03. The item below is the only thing that remains
outstanding.
Thanks,
Roman
From: Roman Danyliw
Sent: Wednesday, July 17, 2019 6:05 PM
To: Brian Campbell
Cc: oauth@ietf.org
Subject: RE: [OAUTH-WG] AD Review: draft-ietf-oauth-resource-indicators-02
From
Hi Brian!
From: Brian Campbell [mailto:bcampb...@pingidentity.com]
Sent: Monday, July 22, 2019 8:37 AM
To: Roman Danyliw
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] AD Review: draft-ietf-oauth-resource-indicators-02
Yes, sorry about that. I realized this yesterday and as tried to write quickly
Hi Brian!
The -04 version addresses my remaining concern. Thanks for this update.
I’ve advanced the document to IETF LC.
Roman
From: Brian Campbell [mailto:bcampb...@pingidentity.com]
Sent: Monday, July 22, 2019 9:47 AM
To: Roman Danyliw
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] AD
Hi Torsten!
> -Original Message-
> From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net]
> Sent: Monday, July 22, 2019 6:59 AM
> To: Roman Danyliw
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] AD Review: draft-ietf-oauth-jwt-introspection-
> response-03
>
draft-ietf-oauth-security-topics-11
** Obsolete normative reference: RFC 2246 (Obsoleted by RFC 4346)
==[ snip ]==
Roman
> -Original Message-
> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Roman Danyliw
> Sent: Monday, July 22, 2019 8:51 PM
> To: Torsten Lodderstedt
orsten Lodderstedt [mailto:tors...@lodderstedt.net]
> Sent: Tuesday, July 23, 2019 5:06 PM
> To: Roman Danyliw
> Cc: oauth@ietf.org; Vladimir Dzhuvinov
> Subject: Re: [OAUTH-WG] AD Review: draft-ietf-oauth-jwt-introspection-
> response-03
>
> Hi Roman,
>
> the latest revision
Hi!
Indeed, thanks for this OAuth specific list.
As a PSA, the “official page” of upcoming meetings (OAuth, or otherwise) will
also have points to the webex, agenda and materials too. See:
https://datatracker.ietf.org/meeting/upcoming.
Roman
From: OAuth On Behalf Of Aaron Parecki
Sent: Wedn
Hi!
I conducted another AD review of
draft-ietf-oauth-jwt-introspection-response-09. As background, -07 of this
document went to IESG Review and the document was brought back to the WG to
address the DISCUSS points.
Below is my feedback which can be addressed concurrently with IETF LC.
Hi Torsten!
Sorry for my tardy response. Yes, the proposed edits and explanations address
my concerns.
Roman
> -Original Message-
> From: Torsten Lodderstedt
> Sent: Wednesday, August 26, 2020 8:26 AM
> To: Roman Danyliw
> Cc: oauth@ietf.org
> Subject: Re: [OAUT
Hi!
I conducted an AD review of draft-ietf-oauth-access-token-jwt-10. Thanks for
the work in getting this document written. My detailed feedback is below; all
are minor or editorial.
** Section 1.2. Editorial. Per "JWT access token An OAuth 2.0 ...", maybe
put a colon between these two ph
Hi Vittorio!
So sorry for the delay, I didn't appreciate this was awaiting on a response.
> -Original Message-
> From: Vittorio Bertocci
> Sent: Thursday, November 19, 2020 3:45 AM
> To: Roman Danyliw ; oauth@ietf.org
> Subject: Re: [OAUTH-WG] AD Review of draft-iet
Hi!
Below is a summary explanation of where all of the documents that are with me
(as AD) stand. I hope this better explains the status in the datatracker.
==[ draft-ietf-oauth-access-token-jwt
Status: AD Evaluation::Revised I-D Needed
(aka, after WG LC but before IETF LC pending edits the AD
Hi!
A correction ...
> -Original Message-
> From: Roman Danyliw
> Sent: Tuesday, January 19, 2021 9:11 AM
> To: oauth@ietf.org
> Subject: Status summary of document in AD Evaluation status
>
> Hi!
>
> Below is a summary explanation of where all of the docum
Hi! Rob!
> -Original Message-
> From: OAuth On Behalf Of Robert Wilton via
> Datatracker
> Sent: Thursday, February 4, 2021 6:20 AM
> To: The IESG
> Cc: oauth-cha...@ietf.org; draft-ietf-oauth-jwt-introspection-
> respo...@ietf.org; oauth@ietf.org
> Subject: [OAUTH-WG] Robert Wilton's Di
Hi!
From: ietf On Behalf Of Bron Gondwana
Sent: Tuesday, February 23, 2021 7:47 AM
To: Rifaat Shekh-Yusef
Cc: i...@ietf.org; oauth@ietf.org
Subject: Re: Diversity and Inclusiveness in the IETF
On Tue, Feb 23, 2021, at 23:40, Rifaat Shekh-Yusef wrote:
So you have never reached out to us to try t
Hi!
I performed my AD review of draft-ietf-oauth-par-07. Thanks for the effort to
produce this document. See my feedback below:
** Section 1.1. Per the first POST example, please provide a bit more text to
explain the presence of the Authorization header.
** Section 2.1. Per step #1, "Auth
Hi Brian!
Thanks for the clarifications below and the -08. I’ve pushed the document to
IETF Last Call.
Regards,
Roman
From: Brian Campbell
Sent: Friday, May 14, 2021 6:05 PM
To: Roman Danyliw
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] AD Review of draft-ietf-oauth-par-07
I went ahead and
Hi!
Thanks for the -08 version of draft-ietf-oauth-par and the associated
discussion in response to the IESG review.
Can you please spin a quick editorial revision to catch Murray's comments and
respond to his question on Section 7.3. See
https://datatracker.ietf.org/doc/draft-ietf-oauth-par
Hi Brian!
Thanks for this quick revision. I’ve advanced the doc out of the IESG.
Congrats we’re almost there!
Roman
From: Brian Campbell
Sent: Thursday, July 29, 2021 6:51 PM
To: Roman Danyliw ; Murray Kucherawy
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Finals nits on draft-ietf-oauth-par
Hi!
I performed an AD review of draft-ietf-oauth-iss-auth-resp-02. Thanks for
documenting this mitigation.
The document is in good shape so I am advancing it to IETF LC. Please treat
these minor comments as part of that feedback:
** Section 2.4. Editorial.
The decision of whether to a
Sent: Thursday, November 18, 2021 3:07 PM
> To: oauth@ietf.org
> Cc: Roman Danyliw
> Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-iss-auth-resp-03.txt
>
> Hi all,
>
> Daniel and I published a new draft version for the iss parameter.
>
> Version 03 addresses the fe
Hi Rob!
Thanks for your review. I wanted to close the loop on your COMMENT. See below.
> -Original Message-
> From: OAuth On Behalf Of Robert Wilton via
> Datatracker
> Sent: Tuesday, November 30, 2021 5:31 AM
> To: The IESG
> Cc: oauth@ietf.org; draft-ietf-oauth-iss-auth-r...@ietf.org
Hi!
I conducted an AD review of draft-ietf-oauth-jwk-thumbprint-uri-01. Thanks for
the work on this document. I have the following feedback which can be addressed
with other IETF Last Call reviews.
** Section 4. Editorial clarification on which field from the registry to use
and error handli
Hi!
I performed an AD review of draft-ietf-oauth-rar-12. Thanks for this document.
My feedback is as follows:
** Section 2. Editorial
This field MUST be compared using an exact byte match of the string
value against known types by the AS.
Consider if you want to introduce how the lac
Hi Justin!
> -Original Message-
> From: Justin Richer
> Sent: Thursday, September 15, 2022 11:20 AM
> To: Roman Danyliw
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] AD review of draft-ietf-oauth-rar-12
>
> Hi Roman, some responses inline.
>
> > O
Looks good to me. Thank you Brian!
From: Brian Campbell
Sent: Thursday, September 15, 2022 12:50 PM
To: Justin Richer
Cc: Roman Danyliw ; oauth@ietf.org
Subject: Re: [OAUTH-WG] AD review of draft-ietf-oauth-rar-12
Thanks for the review Roman and thanks Justin for the responses.
I took the
Hi Justin!
https://github.com/oauthstuff/draft-oauth-rar/pull/88 looks good to me. Thanks.
Roman
From: Justin Richer
Sent: Monday, October 17, 2022 4:35 PM
To: Roman Danyliw
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] AD review of draft-ietf-oauth-rar-12
Thank you, that’s a much better way to
Hi Torsten!
Thanks for the response. More inline ...
> -Original Message-
> From: Torsten Lodderstedt
> Sent: Tuesday, October 18, 2022 9:00 AM
> To: Roman Danyliw
> Cc: oauth@ietf.org; Brian Campbell ;
> jric...@mit.edu
> Subject: Re: [OAUTH-WG] AD review of dr
se address
this feedback concurrently.
> > -Original Message-
> > From: Justin Richer
> > Sent: Thursday, September 15, 2022 11:20 AM
> > To: Roman Danyliw
> > Cc: oauth@ietf.org
> > Subject: Re: [OAUTH-WG] AD review of draft-ietf-oauth-rar-12
> >
Hi!
I performed an AD review on draft-ietf-oauth-dpop-11. Thanks for this
document. Comments below.
** The document has 6 listed authors. Could the rationale for this be
explained on the list and captured in the shepherd write-up?
** Section 2.
(CRIME,
BREACH, Heartbleed, and the Cloudf
Hi!
I performed an AD review of draft-ietf-oauth-step-up-authn-challenge-08.
Thanks for this document. My feedback is below:
** The text uses the phrase "authentication level" a few times. Was that a
phrase that was heavily negotiated? To me a level implies that some notion of
linear progr
to applications.
Roman
From: Vittorio Bertocci
Sent: Thursday, January 12, 2023 4:11 PM
To: Roman Danyliw
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] AD review of draft-ietf-oauth-step-up-authn-challenge-08
Thank you Roman for the super prompt and thorough review!
We went ahead and published
Hi WG!
The additional context is that after the disappointing cancelation of the OAuth
side meetings at IETF 116, Rifaat, Hannes and I have been working on trying
to find ways to maximize the in-person meeting time. The first, but ultimately
unsuccessful approach explored was the definitio
Hi!
We've observed growing energy around JWT, selective disclosure and VC related
topics in the WG in recent meetings. We spent almost all of the third OAuth
meeting at IETF 117 on related topics. The initial SD-JWT
(draft-ietf-oauth-selective-disclosure-jwt) has been followed up with SD-JWT-
Hi!
I wanted to raise awareness that on next week's IESG telechat
draft-ietf-regext-rdap-openid will be reviewed. See
https://datatracker.ietf.org/doc/draft-ietf-regext-rdap-openid/. This document
provides normative guidance on using OpenID and OAuth to secure the RDAP
ecosystem (https://dat
Hi!
I deferred this document to Thursday, October 5 telechat. If anyone has time
to review this document, it would be appreciated.
Roman
-Original Message-
From: Roman Danyliw
Sent: Friday, September 15, 2023 3:29 PM
To: oauth
Subject: Review of draft-ietf-regext-rdap-openid
Hi!
I
Hi Justin!
Thank you so much for the review!
Roman
From: Justin Richer
Sent: Thursday, September 28, 2023 7:46 PM
To: Roman Danyliw
Cc: oauth
Subject: Re: [OAUTH-WG] Review of draft-ietf-regext-rdap-openid
Hi Roman,
The concerns of this document are largely specific to OpenID Connect, and
Hi!
I performed an AD review of draft-ietf-oauth-security-topics-24. Thank you for
taking the time to document many years of operational deployment experience.
My feedback is below:
From idnits:
** All documents that are called out as being updated in the meta-data need to
be mentioned in th
19.12.23 at 00:08, Roman Danyliw wrote:
** Section 2.2.
The privileges associated with an access token SHOULD be restricted
to the minimum required for the particular application or use case.
Under what circumstances should access tokens not be restricted? Can this be
documented
Hi Daniel!
I really appreciate the quick turn-around. It addresses all of my feedback.
The document has been sent to the IETF LC.
Roman
From: Daniel Fett
Sent: Thursday, February 8, 2024 12:08 PM
To: Roman Danyliw ; oauth@ietf.org
Subject: Re: [OAUTH-WG] AD Review of draft-ietf-oauth
/.
-Original Message-
From: SPICE On Behalf Of Roman Danyliw
Sent: Friday, February 9, 2024 2:01 PM
To: sp...@ietf.org
Subject: [SPICE] Call for consensus on SPICE charter
Hi!
At IETF 118, a BoF on SPICE was convened [1]. The meeting provided a strong
consensus signal that there was a
Roman Danyliw has entered the following ballot position for
draft-ietf-oauth-resource-metadata-10: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please