Last Call Review of draft-ietf-oauth-discovery-07
review-ietf-oauth-discovery-07-opsdir-lc-bhandari-2017-10-23-00
Request | Review of | draft-ietf-oauth-discovery |
---|---|---|
Requested revision | No specific revision (document currently at 10) | |
Type | Last Call Review | |
Team | Ops Directorate (opsdir) | |
Deadline | 2017-10-09 | |
Requested | 2017-09-25 | |
Authors | Michael B. Jones , Nat Sakimura , John Bradley | |
I-D last updated | 2017-10-23 | |
Completed reviews |
Opsdir Last Call review of -07
by Shwetha Bhandari
(diff)
Secdir Last Call review of -07 by Donald E. Eastlake 3rd (diff) Genart Last Call review of -07 by Brian E. Carpenter (diff) Genart Telechat review of -08 by Brian E. Carpenter (diff) |
|
Assignment | Reviewer | Shwetha Bhandari |
State | Completed | |
Request | Last Call review on draft-ietf-oauth-discovery by Ops Directorate Assigned | |
Reviewed revision | 07 (document currently at 10) | |
Result | Ready | |
Completed | 2017-10-23 |
review-ietf-oauth-discovery-07-opsdir-lc-bhandari-2017-10-23-00
Reviewer: Shwetha Bhandari Review result: Ready I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: This specification defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server. The process of deploying authorization server metadata and discovering its location is out of scope of this specification. The specification establishes and populates IANA registry for authorization server metadata names. It also registers URI suffix “oauth-authorization-server” in the IANA "Well-Known URIs" registry without mandating applications to use only this suffix to publish authorization server metadata. There is no operational considerations or manageability section in the document. I don’t see any operational, network management or security management concerns with this document. Thanks, Shwetha