[Ace] Review of draft-tiloca-ace-revoked-token-notification-00

2019-11-20 Thread Travis Spencer
Hi All, I wanted to submit a review of "Notification of Revoked Access Tokens in the Authentication and Authorization for Constrained Environments (ACE) Framework" (draft-tiloca-ace-revoked-token-notification-00). I am an ACE noob, but hopefully my feedback will be constructive and helpful. If th

Re: [Ace] comment on draft-ietf-ace-oauth-authz-26

2019-11-20 Thread Daniel Migault
Hi Ludwig, Thanks for the feed back. I was raising the issue before it got forgotten. , and I must say I did not checked whether it had been addressed or not, as I did not remember this had been raised for the ace-oauth-authz document. What you are saying is that the draft has been updated al

Re: [Ace] comment on draft-ietf-ace-oauth-authz-26

2019-11-20 Thread Ludwig Seitz
On 21/11/2019 03:29, Daniel Migault wrote: Hi, This only concerns potential clarification of the text. While reviewing mqtt-profile draft I raised an issue regarding the reference for Oauth [RFC6749] while the remaining of the document references draft-ietf-ace-oauth-authz [1]. My reading of

[Ace] comment on draft-ietf-ace-oauth-authz-26

2019-11-20 Thread Daniel Migault
Hi, This only concerns potential clarification of the text. While reviewing mqtt-profile draft I raised an issue regarding the reference for Oauth [RFC6749] while the remaining of the document references draft-ietf-ace-oauth-authz [1]. My reading of draft-ietf-ace-oauth-authz section 5.6.3

Re: [Ace] I-D Action: draft-ietf-ace-oauth-authz-27.txt

2019-11-20 Thread Ludwig Seitz
Hello ACE, turns out -26 didn't cover one of the items in Ben's review, namely the question of using Client introspection to determine token expiration as a lower bound for key expiration. Since the whole issue of Client introspection was contentious between OAuth experts, we decided to remov

[Ace] I-D Action: draft-ietf-ace-oauth-authz-27.txt

2019-11-20 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Authentication and Authorization for Constrained Environments WG of the IETF. Title : Authentication and Authorization for Constrained Environments (ACE) using the