From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc6755.txt | 283 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 283 insertions(+) create mode 100644 doc/rfc/rfc6755.txt (limited to 'doc/rfc/rfc6755.txt') diff --git a/doc/rfc/rfc6755.txt b/doc/rfc/rfc6755.txt new file mode 100644 index 0000000..c56fcd9 --- /dev/null +++ b/doc/rfc/rfc6755.txt @@ -0,0 +1,283 @@ + + + + + + +Internet Engineering Task Force (IETF) B. Campbell +Request for Comments: 6755 Ping Identity Corp. +Category: Informational H. Tschofenig +ISSN: 2070-1721 Nokia Siemens Networks + October 2012 + + + An IETF URN Sub-Namespace for OAuth + +Abstract + + This document establishes an IETF URN Sub-namespace for use with + OAuth-related specifications. + +Status of This Memo + + This document is not an Internet Standards Track specification; it is + published for informational purposes. + + This document is a product of the Internet Engineering Task Force + (IETF). It represents the consensus of the IETF community. It has + received public review and has been approved for publication by the + Internet Engineering Steering Group (IESG). Not all documents + approved by the IESG are a candidate for any level of Internet + Standard; see Section 2 of RFC 5741. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + http://www.rfc-editor.org/info/rfc6755. + +Copyright Notice + + Copyright (c) 2012 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. + + + + + + + +Campbell & Tschofenig Informational [Page 1] + +RFC 6755 An IETF URN Sub-Namespace for OAuth October 2012 + + +Table of Contents + + 1. Introduction ....................................................2 + 2. Registration Template ...........................................2 + 2.1. Example Registration Request ...............................3 + 3. Security Considerations .........................................3 + 4. IANA Considerations .............................................3 + 4.1. IETF URN Sub-Namespace Registration urn:ietf:params:oauth ..4 + 5. References ......................................................4 + 5.1. Normative References .......................................4 + 5.2. Informative Reference ......................................4 + Appendix A. Acknowledgements ......................................5 + +1. Introduction + + Various extensions and companion specifications to the OAuth 2.0 + Authorization Framework [OAUTH-V2] utilize URIs to identify the + extension in use or other relevant context. This document creates + and registers an IETF URN Sub-namespace, as documented in RFC 3553 + [RFC3553], for use with such specifications. The new 'oauth' Sub- + namespace is urn:ietf:params:oauth, and OAuth relevant parameters + will be established underneath it. + +2. Registration Template + + If a registrant wishes to have an OAuth URI registered, then a URN of + the form urn:ietf:params:oauth: will be requested where + is a suitable representation of the functionality or concept + being registered. + + The registration procedure for new entries requires a request in the + form of the following template and is "Specification Required" per + RFC 5226 [RFC5226]. + + URN: + The URI that identifies the registered functionality. + + Common Name: + The name by which the functionality being registered is generally + known. + + Change Controller: For Standards Track RFCs, state "IETF". For + others, give the name of the responsible party. Other details + (e.g., postal address, email address, and home page URI) may also + be included. + + + + + + +Campbell & Tschofenig Informational [Page 2] + +RFC 6755 An IETF URN Sub-Namespace for OAuth October 2012 + + + Specification Document(s): Reference to the document that specifies + the URI, preferably including a URI that can be used to retrieve a + copy of the document. An indication of the relevant sections may + also be included but is not required. + + The registration request for the urn:ietf:params:oauth URN Sub- + namespace is found in the IANA Considerations section of this + document (Section 4). + +2.1. Example Registration Request + + The following is an example registration request for a URI underneath + the urn:ietf:params:oauth Sub-namespace. The requested URI + represents a new OAuth 2.0 grant type. + + This is a request to IANA to please register the value + "grant-type:example" in the registry urn:ietf:params:oauth + established in an IETF URN Sub-namespace for OAuth. + + o URN: urn:ietf:params:oauth:grant-type:example + + o Common Name: An Example Grant Type for OAuth 2.0 + + o Change controller: IETF + + o Specification Document: [the document URI] + +3. Security Considerations + + There are no additional security considerations beyond those already + inherent to using URNs. Security considerations for URNs in general + can be found in RFC 2141 [RFC2141]. + + Any work that is related to OAuth would benefit from familiarity with + the security considerations of the OAuth 2.0 Authorization Framework + [OAUTH-V2]. + +4. IANA Considerations + + IANA has created the following: + + o The registration of a new IANA URN Sub-namespace, + urn:ietf:params:oauth:, per RFC 3553 [RFC3553]. The registration + request can be found in Section 4.1 below. + + o A new registry called the "OAuth URI" registry for URNs + subordinate to urn:ietf:params:oauth. The registry "OAuth URI" + has been added to a new top-level registry called "OAuth + + + +Campbell & Tschofenig Informational [Page 3] + +RFC 6755 An IETF URN Sub-Namespace for OAuth October 2012 + + + Parameters" as defined by [OAUTH-V2]. Instructions for a + registrant to request the registration of such a URN are in + Section 2. + +4.1. IETF URN Sub-Namespace Registration urn:ietf:params:oauth + + Per RFC 3553 [RFC3553], IANA has registered a new URN Sub-namespace, + urn:ietf:params:oauth. + + o Registry name: oauth + + o Specification: [this document] + + o Repository: [The registry created in Section 2.] + + o Index value: values subordinate to urn:ietf:params:oauth are of + the form urn:ietf:params:oauth: with as the index + value. It is suggested that include both a "class" and an + "identifier-within-class" component, with the two components being + separated by a colon (":"); other compositions of the may + also be used. + +5. References + +5.1. Normative References + + [RFC2141] Moats, R., "URN Syntax", RFC 2141, May 1997. + + [RFC3553] Mealling, M., Masinter, L., Hardie, T., and G. Klyne, "An + IETF URN Sub-namespace for Registered Protocol + Parameters", BCP 73, RFC 3553, June 2003. + + [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an + IANA Considerations Section in RFCs", BCP 26, RFC 5226, + May 2008. + +5.2. Informative Reference + + [OAUTH-V2] Hardt, D., "The OAuth 2.0 Authorization Framework", Work + in Progress, July 2012. + + + + + + + + + + + +Campbell & Tschofenig Informational [Page 4] + +RFC 6755 An IETF URN Sub-Namespace for OAuth October 2012 + + +Appendix A. Acknowledgements + + The authors thank the following for their helpful contributions: + Stephen Farrell, Barry Leiba, Peter Saint-Andre, Eran Hammer, John + Bradley, Ben Campbell, and Michael B. Jones. + +Authors' Addresses + + Brian Campbell + Ping Identity Corp. + + EMail: brian.d.campbell@gmail.com + + + Hannes Tschofenig + Nokia Siemens Networks + + EMail: hannes.tschofenig@gmx.net + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Campbell & Tschofenig Informational [Page 5] + -- cgit v1.2.3