Discussion:
[OAUTH-WG] Alexey Melnikov's Discuss on
Alexey Melnikov
2017-02-02 08:05:46 UTC
Permalink
Alexey Melnikov has entered the following ballot position for
draft-ietf-oauth-amr-values-05: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-amr-values/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

This is a fine document and I support its publication. However I have a
small set of issues that I would like to discuss first.

Are non ASCII names needed? (This is a protocol element, not a human
readable string, so non ASCII is not needed). Are ASCII spaces allowed in
names? More generally: what do you call printable character?


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

In Section 6.1: suggestion to first describe IANA registration policy,
then describe restrictions on registered names. Otherwise the current
text doesn't flow well.

I am also agreeing with Stephen's DISCUSS.
Mike Jones
2017-02-02 15:05:17 UTC
Permalink
I'd be OK limiting the protocol elements to using ASCII characters, if that would be the IESG's preference.

-----Original Message-----
From: Alexey Melnikov [mailto:***@fastmail.fm]
Sent: Thursday, February 2, 2017 12:06 AM
To: The IESG <***@ietf.org>
Cc: draft-ietf-oauth-amr-***@ietf.org; Hannes Tschofenig <***@gmx.net>; oauth-***@ietf.org; ***@gmx.net; ***@ietf.org
Subject: Alexey Melnikov's Discuss on draft-ietf-oauth-amr-values-05: (with DISCUSS and COMMENT)

Alexey Melnikov has entered the following ballot position for
draft-ietf-oauth-amr-values-05: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-amr-values/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

This is a fine document and I support its publication. However I have a small set of issues that I would like to discuss first.

Are non ASCII names needed? (This is a protocol element, not a human readable string, so non ASCII is not needed). Are ASCII spaces allowed in names? More generally: what do you call printable character?


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

In Section 6.1: suggestion to first describe IANA registration policy, then describe restrictions on registered names. Otherwise the current text doesn't flow well.

I am also agreeing with Stephen's DISCUSS.
Alexey Melnikov
2017-02-02 15:07:01 UTC
Permalink
Hi Mike,
Post by Mike Jones
I'd be OK limiting the protocol elements to using ASCII characters, if
that would be the IESG's preference.
I think that would be much simpler for everybody.

I still want to confirm that spaces are allowed in names. Can you
confirm?
Post by Mike Jones
-----Original Message-----
Sent: Thursday, February 2, 2017 12:06 AM
(with DISCUSS and COMMENT)
Alexey Melnikov has entered the following ballot position for
draft-ietf-oauth-amr-values-05: Discuss
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
https://datatracker.ietf.org/doc/draft-ietf-oauth-amr-values/
----------------------------------------------------------------------
----------------------------------------------------------------------
This is a fine document and I support its publication. However I have a
small set of issues that I would like to discuss first.
Are non ASCII names needed? (This is a protocol element, not a human
readable string, so non ASCII is not needed). Are ASCII spaces allowed in
names? More generally: what do you call printable character?
----------------------------------------------------------------------
----------------------------------------------------------------------
In Section 6.1: suggestion to first describe IANA registration policy,
then describe restrictions on registered names. Otherwise the current
text doesn't flow well.
I am also agreeing with Stephen's DISCUSS.
Mike Jones
2017-02-02 18:05:04 UTC
Permalink
I was planning to stay with the characters specified in 6.1 (a) https://tools.ietf.org/html/draft-ietf-oauth-amr-values-05#section-6.1:

a. require that Authentication Method Reference values being
registered use only printable ASCII characters excluding double
quote ('"') and backslash ('\') (the Unicode characters with code
points U+0021, U+0023 through U+005B, and U+005D through U+007E),

That excludes space. That's the set taken from RFC 7638, Section 6 https://tools.ietf.org/html/rfc7638#section-6, which is a very related usage.

Space is excluded because sometimes in OAuth messages, values are represented as space-separated strings.

-- Mike

-----Original Message-----
From: Alexey Melnikov [mailto:***@fastmail.fm]
Sent: Thursday, February 2, 2017 7:07 AM
To: Mike Jones <***@microsoft.com>; The IESG <***@ietf.org>
Cc: draft-ietf-oauth-amr-***@ietf.org; Hannes Tschofenig <***@gmx.net>; oauth-***@ietf.org; ***@ietf.org
Subject: Re: Alexey Melnikov's Discuss on draft-ietf-oauth-amr-values-05: (with DISCUSS and COMMENT)

Hi Mike,
Post by Mike Jones
I'd be OK limiting the protocol elements to using ASCII characters, if
that would be the IESG's preference.
I think that would be much simpler for everybody.

I still want to confirm that spaces are allowed in names. Can you confirm?
Post by Mike Jones
-----Original Message-----
Sent: Thursday, February 2, 2017 12:06 AM
(with DISCUSS and COMMENT)
Alexey Melnikov has entered the following ballot position for
draft-ietf-oauth-amr-values-05: Discuss
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut
this introductory paragraph, however.)
Please refer to
https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
https://datatracker.ietf.org/doc/draft-ietf-oauth-amr-values/
----------------------------------------------------------------------
----------------------------------------------------------------------
This is a fine document and I support its publication. However I have
a small set of issues that I would like to discuss first.
Are non ASCII names needed? (This is a protocol element, not a human
readable string, so non ASCII is not needed). Are ASCII spaces allowed
in names? More generally: what do you call printable character?
----------------------------------------------------------------------
----------------------------------------------------------------------
In Section 6.1: suggestion to first describe IANA registration policy,
then describe restrictions on registered names. Otherwise the current
text doesn't flow well.
I am also agreeing with Stephen's DISCUSS.
Alexey Melnikov
2017-02-03 10:16:12 UTC
Permalink
Post by Mike Jones
I was planning to stay with the characters specified in 6.1 (a)
a. require that Authentication Method Reference values being
registered use only printable ASCII characters excluding double
quote ('"') and backslash ('\') (the Unicode characters with code
points U+0021, U+0023 through U+005B, and U+005D through U+007E),
That excludes space. That's the set taken from RFC 7638, Section 6
https://tools.ietf.org/html/rfc7638#section-6, which is a very related
usage.
Space is excluded because sometimes in OAuth messages, values are
represented as space-separated strings.
I am sorry I misread this earlier: you already exclude space, so the
text as specified is fine.
Post by Mike Jones
-- Mike
-----Original Message-----
Sent: Thursday, February 2, 2017 7:07 AM
(with DISCUSS and COMMENT)
Hi Mike,
Post by Mike Jones
I'd be OK limiting the protocol elements to using ASCII characters, if
that would be the IESG's preference.
I think that would be much simpler for everybody.
I still want to confirm that spaces are allowed in names. Can you confirm?
Post by Mike Jones
-----Original Message-----
Sent: Thursday, February 2, 2017 12:06 AM
(with DISCUSS and COMMENT)
Alexey Melnikov has entered the following ballot position for
draft-ietf-oauth-amr-values-05: Discuss
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut
this introductory paragraph, however.)
Please refer to
https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
https://datatracker.ietf.org/doc/draft-ietf-oauth-amr-values/
----------------------------------------------------------------------
----------------------------------------------------------------------
This is a fine document and I support its publication. However I have
a small set of issues that I would like to discuss first.
Are non ASCII names needed? (This is a protocol element, not a human
readable string, so non ASCII is not needed). Are ASCII spaces allowed
in names? More generally: what do you call printable character?
----------------------------------------------------------------------
----------------------------------------------------------------------
In Section 6.1: suggestion to first describe IANA registration policy,
then describe restrictions on registered names. Otherwise the current
text doesn't flow well.
I am also agreeing with Stephen's DISCUSS.
Mike Jones
2017-03-01 02:17:07 UTC
Permalink
Hi Alexey,

Draft -06 https://tools.ietf.org/html/draft-ietf-oauth-amr-values-06 restricts the character set to the printed subset of ASCII previously discussed. It also addresses the readability concern you raised. Finally, it adds references to address Stephen's point.

Thanks again for taking the time to produce your useful review.

-- Mike

-----Original Message-----
From: Alexey Melnikov [mailto:***@fastmail.fm]
Sent: Friday, February 3, 2017 2:16 AM
To: Mike Jones <***@microsoft.com>; The IESG <***@ietf.org>
Cc: draft-ietf-oauth-amr-***@ietf.org; Hannes Tschofenig <***@gmx.net>; oauth-***@ietf.org; ***@ietf.org
Subject: Re: Alexey Melnikov's Discuss on draft-ietf-oauth-amr-values-05: (with DISCUSS and COMMENT)
Post by Mike Jones
I was planning to stay with the characters specified in 6.1 (a)
a. require that Authentication Method Reference values being
registered use only printable ASCII characters excluding double
quote ('"') and backslash ('\') (the Unicode characters with code
points U+0021, U+0023 through U+005B, and U+005D through U+007E),
That excludes space. That's the set taken from RFC 7638, Section 6
https://tools.ietf.org/html/rfc7638#section-6, which is a very related
usage.
Space is excluded because sometimes in OAuth messages, values are
represented as space-separated strings.
I am sorry I misread this earlier: you already exclude space, so the text as specified is fine.
Post by Mike Jones
-- Mike
-----Original Message-----
Sent: Thursday, February 2, 2017 7:07 AM
(with DISCUSS and COMMENT)
Hi Mike,
Post by Mike Jones
I'd be OK limiting the protocol elements to using ASCII characters,
if that would be the IESG's preference.
I think that would be much simpler for everybody.
I still want to confirm that spaces are allowed in names. Can you confirm?
Post by Mike Jones
-----Original Message-----
Sent: Thursday, February 2, 2017 12:06 AM
(with DISCUSS and COMMENT)
Alexey Melnikov has entered the following ballot position for
draft-ietf-oauth-amr-values-05: Discuss
When responding, please keep the subject line intact and reply to
all email addresses included in the To and CC lines. (Feel free to
cut this introductory paragraph, however.)
Please refer to
https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
https://datatracker.ietf.org/doc/draft-ietf-oauth-amr-values/
--------------------------------------------------------------------
--
--------------------------------------------------------------------
--
This is a fine document and I support its publication. However I
have a small set of issues that I would like to discuss first.
Are non ASCII names needed? (This is a protocol element, not a human
readable string, so non ASCII is not needed). Are ASCII spaces
allowed in names? More generally: what do you call printable character?
--------------------------------------------------------------------
--
--------------------------------------------------------------------
--
In Section 6.1: suggestion to first describe IANA registration
policy, then describe restrictions on registered names. Otherwise
the current text doesn't flow well.
I am also agreeing with Stephen's DISCUSS.
Loading...