Apologies, sending from the correct email account this time. Please do not reply to the other address.
Thank you,
— Justin

On Dec 12, 2022, at 1:45 PM, Justin Richer <jus...@richer.org> wrote:

Francesca,

Thanks for the pointer! I read through the referenced RFC as well and I agree with Brian's take. I don't think there's enough similarity in the domain or the solution to warrant a meaningful comparison here. It seems that RFC9237 was not written in such a way as for it to be generally applicable, and that seems to be the intentional design. Section 2.2 of that document specifically states that it's limited in a number of ways, such as the statement that it's for "statically identifiable objects". These limitations seem to put it in a squarely different camp from RAR, which is intended to allow expression of general-purpose security elements across many different styles of APIs. The various examples in the RAR draft should, hopefully, make that clear.

I personally think that mentioning RFC9237 would only confuse readers of this specification.

— Justin

On Dec 12, 2022, at 1:22 PM, Brian Campbell <bcampb...@pingidentity.com> wrote:

Thanks Francesca,

I must admit that I was not aware of RFC9237. After a quick look, however, it really is intended for Ace and IoT (as you point out) and I don't believe I could write anything sufficiently meaningful about any similarities to this document to warrant inclusion.

On Mon, Dec 12, 2022 at 9:10 AM Francesca Palombini via Datatracker <nore...@ietf.org> wrote:

Francesca Palombini has entered the following ballot position for
draft-ietf-oauth-rar-18: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-rar/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for the work on this document.

Many thanks to Thomas Fossati for his ART ART review: https://mailarchive.ietf.org/arch/msg/art/EckO_3zF-gnI83Q_HmO5xREursI/ and thanks to the authors for addressing Thomas' comments.

No other comments from me, just a note: I was wondering if it wouldn't have made sense to informally reference and discuss in a short paragraph RFC9237 and its applicability to OAuth given its content - I will accept that it might not be the case since 9237 is really intended for Ace and IoT but the similarities made me question it.

Francesca
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth