+1 (and I'd suggest names that make both "from" and "to" clear, e.g. "client-rs-request" or something like that)
/Ludwig -----Original Message----- From: Francesca Palombini <francesca.palomb...@ericsson.com> Sent: den 1 september 2020 10:34 To: Seitz Ludwig <ludwig.se...@combitech.se>; Jim Schaad <i...@augustcellars.com>; Ace Wg <ace@ietf.org> Subject: Re: OSCORE Profile IANA questions Hi Ludwig, Jim, Thanks for your input. Ludwig: I agree with you, they do not belong in the token request. I would be fine with not registering them as OAuth parameters and only register them as Ace parameters, but if I understand correctly the only way to register Ace parameters right now is: 1. register them in the OAuth Parameter Registry 2. register the CBOR mapping in the OAuth Parameters CBOR Mappings Registry. Did I miss something? Is there a better registry where to put these? Otherwise I am ok with defining a new category, more on that below. > [JLS] Look at the OAuth registries - they have some "standardized" names for > these interactions as well as the RS-AS pair. Jim: yes, they have standardized names, but as far as I can see only those 4 (token request/response, authorization request/response) are allowed in this registry (see https://tools.ietf.org/html/rfc6749#section-11.2.1 ), and they seem to indicate C-resource owner and C-AS messages. I went and checked the registry [*], and there is actually one exception from Kantara UMA, they registered some parameters with the following locations: "client request", "token endpoint", " authorization server response". So now I am wondering what these locations mean, and how come they have managed to register parameters with locations outside of the template. I am fine with using "client request" and "resource server response" but these are not standardized names in OAuth. I think the best way forward is: agree within the working group on some names (such as those above, or better ones if you have proposals), then request the OAuth Parameters Registry expert review, which is necessary for IANA ok. ~snip~ _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
