idnits 2.17.1 draft-ietf-oauth-urn-sub-ns-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 16, 2012) is 4302 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 2141 (Obsoleted by RFC 8141) ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) == Outdated reference: A later version (-31) exists of draft-ietf-oauth-v2-30 Summary: 2 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 OAuth Working Group B. Campbell 3 Internet-Draft Ping Identity Corp. 4 Intended status: Standards Track H. Tschofenig 5 Expires: January 17, 2013 Nokia Siemens Networks 6 July 16, 2012 8 An IETF URN Sub-Namespace for OAuth 9 draft-ietf-oauth-urn-sub-ns-06 11 Abstract 13 This document establishes an IETF URN Sub-namespace for use with 14 OAuth related specifications. 16 Status of this Memo 18 This Internet-Draft is submitted in full conformance with the 19 provisions of BCP 78 and BCP 79. 21 Internet-Drafts are working documents of the Internet Engineering 22 Task Force (IETF). Note that other groups may also distribute 23 working documents as Internet-Drafts. The list of current Internet- 24 Drafts is at http://datatracker.ietf.org/drafts/current/. 26 Internet-Drafts are draft documents valid for a maximum of six months 27 and may be updated, replaced, or obsoleted by other documents at any 28 time. It is inappropriate to use Internet-Drafts as reference 29 material or to cite them other than as "work in progress." 31 This Internet-Draft will expire on January 17, 2013. 33 Copyright Notice 35 Copyright (c) 2012 IETF Trust and the persons identified as the 36 document authors. All rights reserved. 38 This document is subject to BCP 78 and the IETF Trust's Legal 39 Provisions Relating to IETF Documents 40 (http://trustee.ietf.org/license-info) in effect on the date of 41 publication of this document. Please review these documents 42 carefully, as they describe your rights and restrictions with respect 43 to this document. Code Components extracted from this document must 44 include Simplified BSD License text as described in Section 4.e of 45 the Trust Legal Provisions and are provided without warranty as 46 described in the Simplified BSD License. 48 Table of Contents 50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 51 2. Registration Template . . . . . . . . . . . . . . . . . . . . . 3 52 2.1. Example Registration Request . . . . . . . . . . . . . . . 3 53 3. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 54 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 55 4.1. IETF URN Sub-namespace Registration 56 urn:ietf:params:oauth . . . . . . . . . . . . . . . . . . . 4 57 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 58 5.1. Normative References . . . . . . . . . . . . . . . . . . . 5 59 5.2. Informative References . . . . . . . . . . . . . . . . . . 5 60 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . . 5 61 Appendix B. Document History . . . . . . . . . . . . . . . . . . . 5 62 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7 64 1. Introduction 66 Various extensions and companion specifications to The OAuth 2.0 67 Authorization Framework [I-D.ietf-oauth-v2] utilize URIs to identify 68 the extension in use or other relevant context. This document 69 creates and registers an IETF URN Sub-namespace, as documented in RFC 70 3553 [RFC3553], for use with such specifications. The new 'oauth' 71 sub-namespace is urn:ietf:params:oauth and OAuth relevant parameters 72 will be established underneath it. 74 2. Registration Template 76 If a registrant wishes to have a OAuth URI registered, then a URN of 77 the form urn:ietf:params:oauth: will be requested where 78 is a suitable representation of the functionality or concept 79 being registered. 81 The registration procedure for new entries requires a request in the 82 form of the following template and is Specification Required per RFC 83 5226 [RFC5226]. 85 URN: 86 The URI that identifies the registered functionality. 88 Common Name: 89 The name by which the functionality being registered is generally 90 known. 92 Change Controller: For standards-track RFCs, state "IETF". For 93 others, give the name of the responsible party. Other details 94 (e.g., postal address, e-mail address, home page URI) may also be 95 included. 97 Specification Document(s): Reference to the document that specifies 98 the URI, preferably including a URI that can be used to retrieve a 99 copy of the document. An indication of the relevant sections may 100 also be included, but is not required. 102 The registration request for the urn:ietf:params:oauth URN Sub- 103 namespace is found in the IANA Considerations (Section 4) section of 104 this document. 106 2.1. Example Registration Request 108 The following is an example registration request for a URI underneath 109 the urn:ietf:params:oauth sub-namespece. The requested URI 110 represents a new OAuth 2.0 grant type. 112 This is a request to IANA to please register the value 113 "grant-type:example" in the registry urn:ietf:params:oauth 114 established in An IETF URN Sub-Namespace for OAuth. 116 o URN: urn:ietf:params:oauth:grant-type:example 118 o Common Name: An Example Grant Type for OAuth 2.0 120 o Change controller: IETF 122 o Specification Document: [[the document URI]] 124 3. Security Considerations 126 There are no additional security considerations beyond those already 127 inherent to using URNs. Security considerations for URNs in general 128 can be found in RFC 2141 [RFC2141]. 130 Any work that is related to OAuth would benefit from familiarity with 131 the security considerations of The OAuth 2.0 Authorization Framework 132 [I-D.ietf-oauth-v2]. 134 4. IANA Considerations 136 This document makes two requests of IANA: 138 o Registration of a new IANA URN sub-namespace, 139 urn:ietf:params:oauth:, per RFC 3553 [RFC3553]. The registration 140 request can be found in Section 4.1 below. 142 o Establishment of a new registry for URNs subordinate to 143 urn:ietf:params:oauth. Instructions for a registrant to request 144 the registration of such a URN are in Section 2. 146 4.1. IETF URN Sub-namespace Registration urn:ietf:params:oauth 148 Per RFC 3553 [RFC3553], IANA is requested to please register a new 149 URN sub-namespace, urn:ietf:params:oauth. 151 o Registry name: oauth 153 o Specification: [[this document]] 155 o Repository: [[The registry created in Section 3.]] 156 o Index value: values subordinate to urn:ietf:params:oauth are of 157 the form urn:ietf:params:oauth: with as the index 158 value. It is suggested that include both a "class" and an 159 "identifier-within-class" component, with the two components being 160 separated by a colon (":"); other compositions of the may 161 also be used. 163 5. References 165 5.1. Normative References 167 [RFC2141] Moats, R., "URN Syntax", RFC 2141, May 1997. 169 [RFC3553] Mealling, M., Masinter, L., Hardie, T., and G. Klyne, "An 170 IETF URN Sub-namespace for Registered Protocol 171 Parameters", BCP 73, RFC 3553, June 2003. 173 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 174 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 175 May 2008. 177 5.2. Informative References 179 [I-D.ietf-oauth-v2] 180 Hardt, D. and D. Recordon, "The OAuth 2.0 Authorization 181 Framework", draft-ietf-oauth-v2-30 (work in progress), 182 July 2012. 184 Appendix A. Acknowledgements 186 The authors thank the following for their helpful contributions: 187 Stephen Farrell, Barry Leiba, Peter Saint-Andre, Eran Hammer, John 188 Bradley, Ben Campbell and Michael B. Jones. 190 Appendix B. Document History 192 [[ to be removed by RFC editor before publication as an RFC ]] 194 draft-ietf-oauth-urn-sub-ns-06 196 o Address editorial comments from Gen-ART LC Review: 197 http://www.ietf.org/mail-archive/web/gen-art/current/msg07576.html 199 draft-ietf-oauth-urn-sub-ns-05 200 o Change the registration procedure from Expert Review to 201 Specification Required per WG discussion 202 http://www.ietf.org/mail-archive/web/oauth/current/msg09445.html 204 draft-ietf-oauth-urn-sub-ns-04 206 o Changed the Index value (and Registration Template into paragraph) 207 from to just with a suggestion that it have 208 both a "class" and an "identifier-within-class" parts per 209 http://www.ietf.org/mail-archive/web/oauth/current/msg09381.html 210 so as to be less restrictive 212 draft-ietf-oauth-urn-sub-ns-03 214 o Changes to address comments in the message "AD review of 215 draft-ietf-oauth-urn-sub-ns-02" at 216 http://www.ietf.org/mail-archive/web/oauth/current/msg09350.html 217 and subsequent messages in that thread 219 o Update area and workgroup (now Security and OAuth was Internet and 220 nothing) 222 o Change from informational to standards-track 224 o Requesting new URNs now more lightweight by changing from 'RFC 225 Required' to 'Expert Review' (RFC5226) 227 o Rework much of the document to be more clear about it registering 228 the urn:ietf:params:oauth URN sub-namespace and separately how 229 other documents are to request URNs under that sub-namespace. 231 o Removed everything about asking the IANA to generate any part of 232 the URN. 234 o Added an Example Registration Request 236 o Added reference to OAuth security considerations in security 237 considerations. 239 o Added Acknowledgements 241 draft-ietf-oauth-urn-sub-ns-02 243 o fix typo: "The registration procedure for new entries to the 244 requires a request ..." --> "The registration procedure for new 245 entries requires a request ..." 247 draft-ietf-oauth-urn-sub-ns-01 248 o security considerations now points to RFC 2141 rather than RFC 249 3553 per 250 http://www.ietf.org/mail-archive/web/oauth/current/msg07880.html 252 draft-ietf-oauth-urn-sub-ns-00 254 o change doc name from draft-campbell-oauth-urn-sub-ns to 255 draft-ietf-oauth-urn-sub-ns per 256 http://www.ietf.org/mail-archive/web/oauth/current/msg07384.html 258 draft-campbell-oauth-urn-sub-ns-01 260 o minor editorial changes 262 draft-campbell-oauth-urn-sub-ns-00 264 o initial draft based on 265 http://www.ietf.org/mail-archive/web/oauth/current/msg06949.html 267 Authors' Addresses 269 Brian Campbell 270 Ping Identity Corp. 272 Email: brian.d.campbell@gmail.com 274 Hannes Tschofenig 275 Nokia Siemens Networks 277 Email: hannes.tschofenig@gmx.net