Re: [OAUTH-WG] Reviewing draft-ietf-oauth-v2-21

[Torsten Lodderstedt]

I reviewed the diffs and it looks ok.

regards,
Torsten.

Am 07.09.2011 17:59, schrieb Barry Leiba:

As you've all probably seen, Eran has posted version 21 of the OAuth
base spec, in which he believes he's addressed all comments and issues
that came up in the review of version 20.  We should be ready to send
this to the IESG.

Everyone who had comments or issues, please review -21 and make sure
that your concerns have been handled to your satisfaction (or that
there was no consensus to make a change).  And we encourage everyone
to review the changes from -20 to -21, to make sure Eran didn't
inadvertently break anything along the way.

The -21 is here:  http://tools.ietf.org/html/draft-ietf-oauth-v2-21
And diffs from -20 can be found here:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-oauth-v2-21.txt

We'll give it until the end of next week, while I work on the shepherd
writeup.  Comments, please, by 16 September.  A few affirmative notes
saying, Yes, I reviewed it and it looks good, will also be helpful.
Keep in mind, as you review, that pet changes are out of scope at this
point.  We're just reviewing -21 to make sure (1) it doesn't break
anything from -20, and (2) it isn't missing anything that was brought
up in WGLC.  New issues will have to be very serious, indeed, in order
to be considered now.

Also, a note on the thread that Mike Thomas started about the OAuth
problem statement and threats:
I did encourage him to start the discussion, and I think it can be a
useful conversation.  I do NOT think it will or should result in a
change to the base spec, but it might feed into the threat model
document (draft-ietf-oauth-v2-threatmodel), as Torsten, et al, move
that toward completion.  Remember that the base spec encourages
readers to refer to the threat model document for more detailed
descriptions of threats and attacks.

Barry, as chair
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Reviewing draft-ietf-oauth-v2-21

[Phillip Hunt]

Agreed. 

Phil

On 2011-09-16, at 12:08, Torsten Lodderstedt tors...@lodderstedt.net wrote:

 I reviewed the diffs and it looks ok.
 
 regards,
 Torsten.
 
 Am 07.09.2011 17:59, schrieb Barry Leiba:
 As you've all probably seen, Eran has posted version 21 of the OAuth
 base spec, in which he believes he's addressed all comments and issues
 that came up in the review of version 20.  We should be ready to send
 this to the IESG.
 
 Everyone who had comments or issues, please review -21 and make sure
 that your concerns have been handled to your satisfaction (or that
 there was no consensus to make a change).  And we encourage everyone
 to review the changes from -20 to -21, to make sure Eran didn't
 inadvertently break anything along the way.
 
 The -21 is here:  http://tools.ietf.org/html/draft-ietf-oauth-v2-21
 And diffs from -20 can be found here:
 http://tools.ietf.org/rfcdiff?url2=draft-ietf-oauth-v2-21.txt
 
 We'll give it until the end of next week, while I work on the shepherd
 writeup.  Comments, please, by 16 September.  A few affirmative notes
 saying, Yes, I reviewed it and it looks good, will also be helpful.
 Keep in mind, as you review, that pet changes are out of scope at this
 point.  We're just reviewing -21 to make sure (1) it doesn't break
 anything from -20, and (2) it isn't missing anything that was brought
 up in WGLC.  New issues will have to be very serious, indeed, in order
 to be considered now.
 
 Also, a note on the thread that Mike Thomas started about the OAuth
 problem statement and threats:
 I did encourage him to start the discussion, and I think it can be a
 useful conversation.  I do NOT think it will or should result in a
 change to the base spec, but it might feed into the threat model
 document (draft-ietf-oauth-v2-threatmodel), as Torsten, et al, move
 that toward completion.  Remember that the base spec encourages
 readers to refer to the threat model document for more detailed
 descriptions of threats and attacks.
 
 Barry, as chair
 ___
 OAuth mailing list
 OAuth@ietf.org
 https://www.ietf.org/mailman/listinfo/oauth
 ___
 OAuth mailing list
 OAuth@ietf.org
 https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth