OAuth 2.0 and the OAuth 2.1 draft share a common point: they do not include a Privacy considerations section.

This is "normal" for OAuth 2.0 since RFC 6749 was published before RFC 6973 ever existed.

RFC 6973 is a good guidance document that should be read and used to add a Privacy Considerations section to the OAuth 2.1 draft.

Denis


I didn't have the reference offhand during the meeting today but https://tools.ietf.org/html/rfc6973 looks to be a good source of considerations for writing privacy considerations. As I mentioned, I've written a number of such sections. Though these probably shouldn't be considered exemplary they were published: https://tools.ietf.org/html/rfc8707#section-4, https://tools.ietf.org/html/rfc8705#section-8, https://tools.ietf.org/html/rfc8693#section-6, https://tools.ietf.org/html/rfc7523#section-7, https://tools.ietf.org/html/rfc7522#section-7, and https://tools.ietf.org/html/rfc7521#section-8.4.

I think including a pragmatic Privacy Considerations section in the OAuth 2.1 draft could be worthwhile.

On Mon, Aug 10, 2020 at 10:42 AM Dick Hardt <dick.ha...@gmail.com> wrote:

    In the PAR meeting today, Denis requested there be a privacy
    considerations section in PAR. I don't think there is anything
    specific in PAR that would change the privacy considerations of
    OAuth, and am checking if there is WG interest, and consensus, on
    including a Privacy Considerations section in the OAuth 2.1 draft.

    /Dick
    _______________________________________________
    OAuth mailing list
    OAuth@ietf.org
    https://www.ietf.org/mailman/listinfo/oauth

