Re: [Ace] Secdir telechat review of draft-ietf-ace-oauth-authz-41
Thanks, Phill. I really appreciate having another set of eyes go over the changes in the draft and cross-referencing against the review comments -- it makes me a lot more confident that we're in good shape now.

-Ben

On Fri, May 21, 2021 at 04:41:19PM -0700, Phillip Hallam-Baker via Datatracker wrote:
> Reviewer: Phillip Hallam-Baker
> Review result: Ready
>
> This draft was previously reviewed by Steve Kent for the -27 version. My review
> therefore mostly consists of checking that the changes recommended have been
> made and that no new issues have arisen. Note that contrary to the data in the
> tracker, I was not given the assignment in 2019.
>
> If you decide that you want to use OAUTH for authorization security for
> Internet of Things, this is a reasonable approach to take. This is not a simple
> proposition or for the fainthearted. OAuth is built around the various
> constraints of the browser world to which the constraints of being a
> constrained device are added.
>
> The issues raised by Steve have all been addressed as far as I can see. It
> looks good to go but since it is a security spec, ADs should still take note.

___
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
Re: [Ace] Secdir telechat review of draft-ietf-ace-oauth-authz-41
I am strongly minded to suggest a spinning plates model of security.

Remember the vaudeville act with plates spinning on a stick, the performer gets one, two, five, ten going. And each time he adds a plate they have to go back to give one of the plates he started earlier another push.

Well... I think this is at the very limit of the number of plates I can spin.

On Fri, May 21, 2021 at 8:57 PM Daniel Migault wrote:
> Thanks Phillip for the review.
>
> Yours,
> Daniel
>
> On Fri, May 21, 2021 at 7:41 PM Phillip Hallam-Baker via Datatracker <nore...@ietf.org> wrote:
>
>> Reviewer: Phillip Hallam-Baker
>> Review result: Ready
>>
>> This draft was previously reviewed by Steve Kent for the -27 version. My review
>> therefore mostly consists of checking that the changes recommended have been
>> made and that no new issues have arisen. Note that contrary to the data in the
>> tracker, I was not given the assignment in 2019.
>>
>> If you decide that you want to use OAUTH for authorization security for
>> Internet of Things, this is a reasonable approach to take. This is not a simple
>> proposition or for the fainthearted. OAuth is built around the various
>> constraints of the browser world to which the constraints of being a
>> constrained device are added.
>>
>> The issues raised by Steve have all been addressed as far as I can see. It
>> looks good to go but since it is a security spec, ADs should still take note.
>
> --
> Daniel Migault
> Ericsson

--
Website: http://hallambaker.com/
Re: [Ace] Secdir telechat review of draft-ietf-ace-oauth-authz-41
Thanks Phillip for the review.

Yours,
Daniel

On Fri, May 21, 2021 at 7:41 PM Phillip Hallam-Baker via Datatracker <nore...@ietf.org> wrote:
> Reviewer: Phillip Hallam-Baker
> Review result: Ready
>
> This draft was previously reviewed by Steve Kent for the -27 version. My review
> therefore mostly consists of checking that the changes recommended have been
> made and that no new issues have arisen. Note that contrary to the data in the
> tracker, I was not given the assignment in 2019.
>
> If you decide that you want to use OAUTH for authorization security for
> Internet of Things, this is a reasonable approach to take. This is not a simple
> proposition or for the fainthearted. OAuth is built around the various
> constraints of the browser world to which the constraints of being a
> constrained device are added.
>
> The issues raised by Steve have all been addressed as far as I can see. It
> looks good to go but since it is a security spec, ADs should still take note.

--
Daniel Migault
Ericsson
[Ace] Secdir telechat review of draft-ietf-ace-oauth-authz-41
Reviewer: Phillip Hallam-Baker
Review result: Ready

This draft was previously reviewed by Steve Kent for the -27 version. My review therefore mostly consists of checking that the changes recommended have been made and that no new issues have arisen. Note that contrary to the data in the tracker, I was not given the assignment in 2019.

If you decide that you want to use OAUTH for authorization security for Internet of Things, this is a reasonable approach to take. This is not a simple proposition or for the fainthearted. OAuth is built around the various constraints of the browser world to which the constraints of being a constrained device are added.

The issues raised by Steve have all been addressed as far as I can see. It looks good to go but since it is a security spec, ADs should still take note.