search

ConsumerDataStandardsAustralia / standards-maintenance

This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.
41 stars 9 forks source link

PAR/RFC9126 in Normative references appears twice. #675

Open windsleigh opened 3 weeks ago

windsleigh commented 3 weeks ago

Description

In the Normative References there are two references to Pushed Authorization Requests [RFC9126]

RFC Title Link Date
[PAR] OAuth 2.0 Pushed Authorization Requests RFC9126: https://tools.ietf.org/html/rfc9126 September 2021
[RFC9126] OAuth 2.0 Pushed Authorization Requests: https://tools.ietf.org/html/rfc9126 September 2021

Intention and Value of Change

Avoid redundancy

Area Affected

Normative References

Change Proposed

I propose taking the same stance as PKCE reference.

RFC Title Link Date
[PKCE] / [RFC7636] Proof Key for Code Exchange by OAuth Public Clients: https://datatracker.ietf.org/doc/html/rfc7636 September 2015
RFC Title Link Date
[[PAR] / [RFC9126] OAuth 2.0 Pushed Authorization Requests: https://tools.ietf.org/html/rfc9126 September 2021

DSB Proposed Solution

The current DSB proposal for this issue is in https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/675#issuecomment-2484498149

windsleigh commented 3 weeks ago

par-redundancy

nils-work commented 3 days ago

Proposed Solution

Combine the two PAR rows into one, as shown below:

Reference Description Version
[PAR] / [RFC9126] OAuth 2.0 Pushed Authorization Requests: https://tools.ietf.org/html/rfc9126 September 2021

This has been staged - https://github.com/ConsumerDataStandardsAustralia/standards-staging/pull/461/files

nils-work commented 3 days ago

DSB proposal has been added.