Telechat Review of draft-ietf-ace-oauth-authz-41
review-ietf-ace-oauth-authz-41-secdir-telechat-hallam-baker-2021-05-21-00
Request | Review of | draft-ietf-ace-oauth-authz |
---|---|---|
Requested revision | No specific revision (document currently at 46) | |
Type | Telechat Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2021-03-23 | |
Requested | 2021-03-08 | |
Authors | Ludwig Seitz, Göran Selander, Erik Wahlstroem, Samuel Erdtman, Hannes Tschofenig | |
I-D last updated | 2021-05-21 | |
Completed reviews | Secdir Last Call review of -27 by Stephen Kent; Genart Last Call review of -27 by Stewart Bryant; Secdir Telechat review of -41 by Phillip Hallam-Baker | |
Assignment | Reviewer | Phillip Hallam-Baker |
State | Completed | |
Request | Telechat review on draft-ietf-ace-oauth-authz by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/CPy7ePMZUHxeFAax_382GeSqzOI | |
Reviewed revision | 41 (document currently at 46) | |
Result | Ready | |
Completed | 2021-05-21 |
This draft was previously reviewed by Steve Kent for the -27 version. My review therefore mostly consists of checking that the changes recommended have been made and that no new issues have arisen. Note that contrary to the data in the tracker, I was not given the assignment in 2019.

If you decide that you want to use OAUTH for authorization security for Internet of Things, this is a reasonable approach to take. This is not a simple proposition or for the fainthearted. OAuth is built around the various constraints of the browser world to which the constraints of being a constrained device are added.

The issues raised by Steve have all been addressed as far as I can see. It looks good to go but since it is a security spec, ADs should still take note.