draft-ietf-oauth-urn-sub-ns-02.txt   draft-ietf-oauth-urn-sub-ns-03.txt 
B. Campbell, Ed. OAuth Working Group B. Campbell
Internet-Draft Ping Identity Corp. Internet-Draft Ping Identity Corp.
Intended status: Informational H. Tschofenig Intended status: Standards Track H. Tschofenig
Expires: July 4, 2012 Nokia Siemens Networks Expires: December 23, 2012 Nokia Siemens Networks
Jan 2012 June 21, 2012
An IETF URN Sub-Namespace for OAuth An IETF URN Sub-Namespace for OAuth
draft-ietf-oauth-urn-sub-ns-02 draft-ietf-oauth-urn-sub-ns-03
Abstract Abstract
This document establishes an IETF URN Sub-namespace for use with This document establishes an IETF URN Sub-namespace for use with
OAuth related specifications. OAuth related specifications.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 32 skipping to change at page 1, line 32
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 4, 2012. This Internet-Draft will expire on December 23, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 10 skipping to change at page 2, line 10
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Notational Conventions . . . . . . . . . . . . . . . . . . . . 3 2. Notational Conventions . . . . . . . . . . . . . . . . . . . . 3
3. Registration Template . . . . . . . . . . . . . . . . . . . . . 3 3. Registration Template . . . . . . . . . . . . . . . . . . . . . 3
3.1. Example Registration Request . . . . . . . . . . . . . . . 4
4. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 4
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4
5.1. IETF URN Sub-namespace Registration 5.1. IETF URN Sub-namespace Registration
urn:ietf:params:oauth . . . . . . . . . . . . . . . . . . . 4 urn:ietf:params:oauth . . . . . . . . . . . . . . . . . . . 4
Appendix A. Document History . . . . . . . . . . . . . . . . . . . 4
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5
6.1. Normative References . . . . . . . . . . . . . . . . . . . 5 6.1. Normative References . . . . . . . . . . . . . . . . . . . 5
6.2. Informative References . . . . . . . . . . . . . . . . . . 5 6.2. Informative References . . . . . . . . . . . . . . . . . . 5
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 5 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . . 5
Appendix B. Document History . . . . . . . . . . . . . . . . . . . 5
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7
1. Introduction 1. Introduction
Various extensions and companion specifications to The OAuth 2.0 Various extensions and companion specifications to The OAuth 2.0
Authorization Protocol [I-D.ietf.oauth-v2] utilize URIs to identify Authorization Framework [I-D.ietf-oauth-v2] utilize URIs to identify
the extension in use or other relevant context. This document the extension in use or other relevant context. This document
creates and registers an IETF URN Sub-namespace, as documented in RFC creates and registers an IETF URN Sub-namespace, as documented in RFC
3553 [RFC3553], for use with such specifications. The new 'oauth' 3553 [RFC3553], for use with such specifications. The new 'oauth'
sub-namespace look like urn:ietf:params:oauth and OAuth relevant sub-namespace is urn:ietf:params:oauth and OAuth relevant parameters
parameters will be established underneath it. will be established underneath it.
2. Notational Conventions 2. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
3. Registration Template 3. Registration Template
If the registrant wishes to have a URI assigned, then a URN of the If a registrant wishes to have a OAuth URI registered, then a URN of
form urn:ietf:params:oauth:<class>:<id> will be assigned where the form urn:ietf:params:oauth:<class>:<id> will be requested where
<class> is the category of the parameters being registered and <id> <class> is the category of the functionality being registered and
is a unique id generated by the IANA based on any means the IANA <id> is a unique id for the functionality within that class.
deems necessary to maintain uniqueness and persistence. NOTE: in
order for a URN of this type to be assigned, the item being
registered MUST be documented in a RFC. The RFC 3553 [RFC3553] URN
registration template is found in the IANA consideration section of
this document.
The registration procedure for new entries requires a request in the The registration procedure for new entries requires a request in the
form of the following template: form of the following template and is subject to Expert Review per
RFC 5226 [RFC5226].
URN: URN:
The token URI that identifies the registered component. If the The URI that identifies the registered functionality.
registrant is requesting that the IANA assign a URI then this
field should be specified as "please assign".
Common Name: Common Name:
The name by which the functionality being registered is generally The name by which the functionality being registered is generally
referred. known.
Registrant Contact: Change Controller: For standards-track RFCs, state "IETF". For
The individual/organization that is the registration contact for others, give the name of the responsible party. Other details
the component being registered. Ideally, this will be the name (e.g., postal address, e-mail address, home page URI) may also be
and pertinent physical and network contact information. In the included.
case of IETF developed standards, the Registrant will be the IESG.
Description: Specification Document(s): Reference to the document that specifies
Information about the registered functionality. the URI, preferably including a URI that can be used to retrieve a
copy of the document. An indication of the relevant sections may
also be included, but is not required.
The registration request for the urn:ietf:params:oauth URN Sub-
namespace is found in the IANA Considerations (Section 5) section of
this document.
3.1. Example Registration Request
The following is an example registration request for a URI underneath
the urn:ietf:params:oauth sub-namespece. The requested URI
represents a new OAuth 2.0 grant type.
This is a request to IANA to please register the value
"grant-type:example" in the registry urn:ietf:params:oauth
established in An IETF URN Sub-Namespace for OAuth.
o URN: urn:ietf:params:oauth:grant-type:example
o Common Name: An Example Grant Type for OAuth 2.0
o Change controller: IETF
o Specification Document: [[the document URI]]
4. Security Considerations 4. Security Considerations
None not already inherent to using URNs. Security considerations for None not already inherent to using URNs. Security considerations for
URNs in general can be found in RFC 2141 [RFC2141]. URNs in general can be found in RFC 2141 [RFC2141].
Any work that is related to OAuth would benefit from familiarity with
the security considerations of The OAuth 2.0 Authorization Framework
[I-D.ietf-oauth-v2].
5. IANA Considerations 5. IANA Considerations
This document makes two requests of IANA:
o Registration of a new IANA URN sub-namespace,
urn:ietf:params:oauth:, per RFC 3553 [RFC3553]. The registration
request can be found in Section 5.1 below.
o Establishment of a new registry for URNs subordinate to
urn:ietf:params:oauth. Instructions for a registrant to request
the registration of such a URN are in Section 3.
5.1. IETF URN Sub-namespace Registration urn:ietf:params:oauth 5.1. IETF URN Sub-namespace Registration urn:ietf:params:oauth
Per RFC 3553 [RFC3553], IANA is requested to establish the following Per RFC 3553 [RFC3553], IANA is requested to please register a new
registry. New entries to the registry are Specification Required. URN sub-namespace, urn:ietf:params:oauth.
o Registry name: urn:ietf:params:oauth o Registry name: oauth
o Specification: Section 3 of this document contains the registry o Specification: [[this document]]
specification.
o Repository: To be assigned according to the guidelines found o Repository: [[not sure about this? this document or
above. http://www.iana.org/assignments/oauth]]
o Index value: The class name o Index value: values subordinate to urn:ietf:params:oauth are of
the from urn:ietf:params:oauth:<class>:<id> with <class>:<id> as
the index value.
Appendix A. Document History 6. References
6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2141] Moats, R., "URN Syntax", RFC 2141, May 1997.
[RFC3553] Mealling, M., Masinter, L., Hardie, T., and G. Klyne, "An
IETF URN Sub-namespace for Registered Protocol
Parameters", BCP 73, RFC 3553, June 2003.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008.
6.2. Informative References
[I-D.ietf-oauth-v2]
Hammer-Lahav, E., Recordon, D., and D. Hardt, "The OAuth
2.0 Authorization Framework", draft-ietf-oauth-v2-27 (work
in progress), June 2012.
Appendix A. Acknowledgements
The authors thank the following for their helpful contributions:
Stephen Farrell, Barry Leiba, Peter Saint-Andre and Michael B. Jones.
Appendix B. Document History
[[ to be removed by RFC editor before publication as an RFC ]] [[ to be removed by RFC editor before publication as an RFC ]]
draft-ietf-oauth-urn-sub-ns-03
o Changes to address comments in the message "AD review of
draft-ietf-oauth-urn-sub-ns-02" at
http://www.ietf.org/mail-archive/web/oauth/current/msg09350.html
and subsequent messages in that thread
o Update area and workgroup (now Security and OAuth was Internet and
nothing)
o Change from informational to standards-track
o Requesting new URNs now more lightweight by changing from 'RFC
Required' to 'Expert Review' (RFC5226)
o Rework much of the document to be more clear about it registering
the urn:ietf:params:oauth URN sub-namespace and separately how
other documents are to request URNs under that sub-namespace.
o Removed everything about asking the IANA to generate any part of
the URN.
o Added an Example Registration Request
o Added reference to OAuth security considerations in security
considerations.
o Added Acknowledgements
draft-ietf-oauth-urn-sub-ns-02 draft-ietf-oauth-urn-sub-ns-02
o fix typo: "The registration procedure for new entries to the o fix typo: "The registration procedure for new entries to the
requires a request ..." --> "The registration procedure for new requires a request ..." --> "The registration procedure for new
entries requires a request ..." entries requires a request ..."
draft-ietf-oauth-urn-sub-ns-01 draft-ietf-oauth-urn-sub-ns-01
o security considerations now points to RFC 2141 rather than RFC o security considerations now points to RFC 2141 rather than RFC
3553 per 3553 per
skipping to change at page 5, line 7 skipping to change at page 7, line 4
3553 per 3553 per
http://www.ietf.org/mail-archive/web/oauth/current/msg07880.html http://www.ietf.org/mail-archive/web/oauth/current/msg07880.html
draft-ietf-oauth-urn-sub-ns-00 draft-ietf-oauth-urn-sub-ns-00
o change doc name from draft-campbell-oauth-urn-sub-ns to o change doc name from draft-campbell-oauth-urn-sub-ns to
draft-ietf-oauth-urn-sub-ns per draft-ietf-oauth-urn-sub-ns per
http://www.ietf.org/mail-archive/web/oauth/current/msg07384.html http://www.ietf.org/mail-archive/web/oauth/current/msg07384.html
draft-campbell-oauth-urn-sub-ns-01 draft-campbell-oauth-urn-sub-ns-01
o minor editorial changes o minor editorial changes
draft-campbell-oauth-urn-sub-ns-00 draft-campbell-oauth-urn-sub-ns-00
o initial draft based on o initial draft based on
http://www.ietf.org/mail-archive/web/oauth/current/msg06949.html http://www.ietf.org/mail-archive/web/oauth/current/msg06949.html
6. References
6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2141] Moats, R., "URN Syntax", RFC 2141, May 1997.
[RFC3553] Mealling, M., Masinter, L., Hardie, T., and G. Klyne, "An
IETF URN Sub-namespace for Registered Protocol
Parameters", BCP 73, RFC 3553, June 2003.
6.2. Informative References
[I-D.ietf.oauth-v2]
Hammer-Lahav, E., Ed., Recordon, D., and D. Hardt, "The
OAuth 2.0 Authorization Protocol",
ID draft-ietf-oauth-v2-20 (work in progress), July 2011.
Authors' Addresses Authors' Addresses
Brian Campbell (editor) Brian Campbell
Ping Identity Corp. Ping Identity Corp.
Email: brian.d.campbell@gmail.com Email: brian.d.campbell@gmail.com
Hannes Tschofenig Hannes Tschofenig
Nokia Siemens Networks Nokia Siemens Networks
Email: hannes.tschofenig@gmx.net Email: hannes.tschofenig@gmx.net
 End of changes. 27 change blocks. 
63 lines changed or deleted 133 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/