INCOMPLETE
This document records the User-Managed Access (UMA) Work Group's disposition of comments received since the beginning of the May-July 2017 Public Comment and IPR Review period for the UMA V2.0 Draft Recommendations.
Key:
- Comment Reference: The GitHub repository issue number of the comment and possibly a reference to a subpart of that issue. All issues relevant to the Public Comment and IPR Review period use both the label "V2.0" and the label "public comment period". The content of all comments has been stored in GitHub.
- Specification Reference(s): A reference such as "Grant Sec n.n" or "FedAuthz Sec n.n". "Grant" refers to User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization revision 05 and "FedAuthz" refers to Federated Authorization for User-Managed Access (UMA) 2.0 revision 05, the Draft Recommendations under review. Note that issues relevant to each specification have been labeled "grant" and "fedauthz", respectively.
- Editorial/Technical: Whether the comment involves an editorial change (a change to interpretive wording, generally minor) or a technical one (a change to normative language that requires implementation work). Note that a label of "editorial" has been applied to issues that appear, at first blush, to be editorial. Note also that applying these categories itself requires interpretation, and there is some gray area between them.
- Disposition: The Work Group's conclusion about the action to take in response to the comment. A "Commit" link goes to the GitHub commit showing the exact specification text change.
- Report Out: Whether the commenter submitted comments through the official Public Comment period channel, and requires reporting back of the disposition.
- Notes: Context that may be helpful for the Leadership Council.
| Comment Reference | Specification Reference(s) | Editorial/ Technical | Disposition | Report Out | Notes |
|---|---|---|---|---|---|
| #326 | Grant Sec 1.3 | Editorial | Commit | Editorial improvement to a spec definition suggested; discussed by several WG participants and consensus rapidly gained. | |
| #327 | Grant Sec 3.3.6 | Editorial | Commit | Simple editorial wording fix suggested; discussed by several WG participants and consensus rapidly gained. | |
| #328 | Grant Sec 3.3.4 | Editorial | Commit | Interpretation issue raised; discussed thoroughly by the WG and an editorial enhancement removing ambiguity adopted by the WG. | |
#329 | Grant 7.4.1 | Editorial | Commit | Incorrect cross-reference noted; fix applied without WG intervention required. | |
| #330 | FedAuthz Sec 9.2 | Editorial | No change | Simple editorial correction suggested; fix overcome by events (#334). | |
| #331 | FedAuthz Sec 9.3 | Editorial | Commit | Simple editorial correction suggested; fix applied without WG intervention required. | |
| #332 | Grant (various) | Editorial | No change | Interpretation question raised; WG decided to keep the existing wording. | |
| #333 | Grant Sec 3.3.6 | Editorial | Commit | Simple editorial correction requested; fix applied without WG intervention required. | |
| #334 | FedAuthz Sec 1, FedAuthz Sec 9.2 | Editorial | Commit | Interpretation issue raised; discussed thoroughly by the WG and an editorial resolution adopted by the WG involving removal of text. | |
#335a | Grant (various), FedAuthz (various) | Editorial | No change | Yes | Editorial improvement requested; editor recommended no change. |
| #335b | Grant (various), FedAuthz (various) | Editorial | Commit | Yes | Editorial improvements requested; small edits applied without WG intervention required. |
| #335c | Grant Sec 1.3 | Editorial | tbs | Yes | Editorial improvement to diagram(s) requested; tbs |
| #335d | Grant Sec 1.3 | Editorial | Commit | Yes | Editorial improvement to diagram(s) requested; added clarification to existing diagram after WG consultation. |
| #336 | FedAuthz Sec 5.1 | Editorial | Commit | Editorial improvement requested; discussed by several WG participants and consensus rapidly gained. | |
| #337a | FedAuthz Sec 5.1.1 | Editorial | Commit | Clarification requested; WG determined an editorial improvement. | |
| #337b | Grant Sec 3.3.3 | Editorial | Commit | Clarification requested; WG determined an editorial improvement. | |
| #337c,d | Grant Sec 2, Grant Sec 3.3.2, Grant new Sec 7.3 | Technical | Commit | Request for new mechanism for dynamic client registration mechanism and clarity; WG agreed. Mechanism requires a registration request to IANA. | |
| #337e | Grant Sec 3.3.3 | Editorial | Commit | Simple editorial correction requested; fix applied without WG intervention required. | |
| #337f | Grant Sec 3.3.4 | Editorial | tbs | Clarification requested; tbs | |
| #337g | Grant (various) | Editorial | Commit | Additional security considerations requested; WG agreed to add a form of security considerations that gives more discretion to the authorization server than was requested. | |
| #338 | FedAuthz Sec 3.2.1 | Editorial | Commit | Simple typo correction requested; typo fixed without WG intervention required. | |
| #339 | FedAuthz Sec 4.1 | Editorial | Commit | Clarification requested; WG confirmed the correct interpretation and clarification text. | |
| #340 | Grant Sec 3.3.6 | Technical | Commit, commit, commit | Change requested; WG ultimately reintroduced (and renamed) an UMA1 error code that was previously removed: was not_authorized, now called request_denied. | |
| #341 | Grant Sec 3.3.6, Sec 5.6 | Technical | Commit | Change requested; WG made a different change, adding an optional new feature. | |
| #342 | |||||
| #343 | Grant Sec 3.3.6 | Editorial | Commit | Clarification requested; WG confirmed the correct interpretation and clarification text. | |
| #344 | Grant Sec 3.3.6 | Editorial | Commit | Clarification requested; WG confirmed the correct interpretation and clarification text. | |
| #345 | Grant Sec 3.3.6 | Editorial | Commit | Clarification requested; WG confirmed the correct interpretation and clarification text. | |
| #346 | Grant Sec 3.3.4 | Editorial | No change | Clarification requested; commenter decided to close own issue without action | |
| #347 | Grant Sec 3.3.6 | Editorial | Commit | Change requested; WG gave the authorization server discretion to report the requested error. | |
| #348 | Grant Sec 3.3.1, Sec 3.6, new Sec 6.1, FedAuthz Sec 1.4.1, Sec 8 | Editorial | Commit | Clarification requested; WG confirmed the correct interpretation and clarification text. | |
| #349 | (see above) | Editorial | Commit | Clarification requested; WG confirmed the correct interpretation and clarification text. (See #348 for details.) | |
| #350 | Grant Sec 3.3.4 | Editorial | Commit, commit | Yes | Clarification requested; WG confirmed the correct interpretation and clarification text. |
| #351 | FedAuthz (various) | Editorial | Commit | Variety of editorial comments, typo corrections, and the like made; implemented without WG intervention required. Note that the original form of the text in Sec 3.2, since corrected, could have led implementers astray, implying that a field was required when it was clear in a different context (Sec 3.2.4) that the field would not appear. | |
| #352 | FedAuthz Sec 1.4.1, Sec 1.5 | Editorial | Commit | Change requested; WG made some clarifications instead. |