Telechat Review of draft-ietf-ace-oauth-authz-41
review-ietf-ace-oauth-authz-41-secdir-telechat-hallam-baker-2021-05-21-00
| Request | Review of | draft-ietf-ace-oauth-authz |
|---|---|---|
| Requested revision | No specific revision (document currently at 46) | |
| Type | Telechat Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2021-03-23 | |
| Requested | 2021-03-08 | |
| Authors | Ludwig Seitz , Göran Selander , Erik Wahlstroem , Samuel Erdtman , Hannes Tschofenig | |
| I-D last updated | 2021-05-21 | |
| Completed reviews |
Secdir Last Call review of -27
by Stephen Kent
(diff)
Genart Last Call review of -27 by Stewart Bryant (diff) Secdir Telechat review of -41 by Phillip Hallam-Baker (diff) |
|
| Assignment | Reviewer | Phillip Hallam-Baker |
| State | Completed | |
| Request | Telechat review on draft-ietf-ace-oauth-authz by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/CPy7ePMZUHxeFAax_382GeSqzOI | |
| Reviewed revision | 41 (document currently at 46) | |
| Result | Ready | |
| Completed | 2021-05-21 |
review-ietf-ace-oauth-authz-41-secdir-telechat-hallam-baker-2021-05-21-00
This draft was previously reviewed by Steve Kent for the -27 version. My review therefore mostly consists of checking that the changes recommended have been made and that no new issues have arisen. Note that contrary to the data in the tracker, I was not given the assignment in 2019. If you decide that you want to use OAUTH for authorization security for Internet of Things, this is a reasonable approach to take. This is not a simple proposition or for the fainthearted. OAuth is built around the various constraints of the browser world to which the constraints of being a constrained device are added. The issues raised by Steve have all been addressed as far as I can see. It looks good to go but since it is a security spec, ADs should still take note.