[Openid-specs-ab] Second Call for Adoption for the OpenID Connect Key Binding Specification

Dick Hardt dick.hardt at gmail.com
Thu Oct 9 13:54:26 UTC 2025 

Brian

I looked in the latest version which was updated based on your earlier
feedback, which included fixing all the references as I did not know how to
properly do references with the mmark tool. Here is the link again, and it
is the same content that I just published to the list.

https://dickhardt.github.io/openid-key-binding/main.html

I don't see "The OAuth 2.0 Authorization Framework: Bearer Token Usage" or
RFC 6750, nor does it cite RFC 7549 in there.

Perhaps my browser is not searching the HTML accurately. Would you send me
a screenshot of where you see these references?

/Dick

On Thu, Oct 9, 2025 at 2:24 PM Brian Campbell <bcampbell at pingidentity.com>
wrote:

> Dick,
>
> It's in the html submission to the working group, one of the screenshot
> snippets of that submission sent previously, and in the history in that
> dickhardt github repository. But feigning unawareness or actually not being
> aware of the content of your own submission and deflecting with a reply
> only about that one example is, to me anyway, indicative of the larger
> pattern of problematic conduct.
>
>
> On Wed, Oct 8, 2025 at 11:34 PM Dick Hardt <dick.hardt at gmail.com> wrote:
>
>> Brian,
>>
>> I've reviewed the draft at
>> https://dickhardt.github.io/openid-key-binding/main.html and cannot find
>> the RFC 7549 reference you described. The document does not contain a
>> reference to "The OAuth 2.0 Authorization Framework: Bearer Token Usage" or
>> RFC 6750, nor does it cite RFC 7549.
>> If you're looking at a different version or document, please clarify.
>> Otherwise, I'm unclear what specific error you're referring to.
>>
>> If you have substantive technical concerns about the proposal, I'm happy
>> to address them. The working group's time is best spent on technical merit
>> rather than formatting.
>>
>> /Dick
>>
>> On Thu, Oct 9, 2025 at 5:38 AM Brian Campbell <bcampbell at pingidentity.com>
>> wrote:
>>
>>> Dick,
>>>
>>> Your message comes across as unnecessarily sarcastic and disrespectful,
>>> even by my threshold for such things, and I believe it is
>>> entirely inappropriate. I have raised code of conduct concerns with
>>> OIDF's Executive Director about this message (Gail and a few others are
>>> copied here too to put in on record) but also a larger pattern of behavior
>>> towards me and other participants.
>>>
>>> For the record, the issues I noted previously were not limited to
>>> unresolved references or mistakes in indentation. The draft, and more
>>> importantly, how it has been brought to the working group, also has
>>> substantive problems that go well beyond formatting. Those were simply the
>>> easiest things to demonstrate concretely. Even there, though, they point to
>>> deeper problems.
>>>
>>> As just one example, there was a reference to the title "The OAuth 2.0
>>> Authorization Framework: Bearer Token Usage," which is the same as the
>>> title of RFC 6750, which was ostensibly co-authored by you. But it was
>>> cited as RFC 7549, which is the entirely unrelated "3GPP SIP URI
>>> Inter-Operator Traffic Leg Parameter", and lists a group of authors not on
>>> either RFC 7549 or 6750. I can venture some guesses as to what happened
>>> there but it's really immaterial.
>>>
>>> The larger concern is that it is, at least to me, highly disrespectful
>>> to present something with such a significant number of issues - and even
>>> more so when the substance is potentially controversial, prone to
>>> misunderstanding, or overlapping with existing work - compounded by
>>> dismissive and at times insulting engagement when met with disagreement.
>>>
>>> I’d like to see us get back to a place where discussions here are
>>> constructive and focused on improving the work and output of the entire
>>> working group and foundation itself, even when there’s disagreement. That
>>> requires both technical rigor, basic respect, honesty and integrity. I hope
>>> we can move forward on that basis. Proceeding with adoption of this as
>>> currently presented is not that, however.
>>>
>>>
>>>
>>> On Fri, Oct 3, 2025 at 8:46 AM Dick Hardt <dick.hardt at gmail.com> wrote:
>>>
>>>> Hi Brian, my sincere apologies for the inconvenience of the references
>>>> not resolving and mistakes in indentation -- that must have been very
>>>> distracting when reading the text. Thank you for not pointing out
>>>> the issues previously, as they existed in the earlier draft, that would
>>>> have been very embarrassing. I appreciate your thoughtful response on how
>>>> to resolve this. It is such a pleasure working with you -- having you
>>>> participate in this WG is such a delight!
>>>>
>>>> With your expert guidance I have resolved the issues you pointed out so
>>>> that no one else has to suffer the way you did. Others can find the updated
>>>> draft at:
>>>>
>>>> https://dickhardt.github.io/openid-key-binding/main.html
>>>>
>>>>
>>>>
>>>> On Thu, Oct 2, 2025 at 10:12 PM Brian Campbell via Openid-specs-ab <
>>>> openid-specs-ab at lists.openid.net> wrote:
>>>>
>>>>> As I said on the WG call earlier today, I believe it would be
>>>>> appropriate for a baseline level of document hygiene/quality to be in place
>>>>> before the individuals in the WG are asked to invest time looking at a
>>>>> draft, let alone considering adoption of something. Mistakes happen, of
>>>>> course, but I, for one, would really appreciate not having the feeling that
>>>>> something wasn't even looked over before it was posted/submitted.
>>>>> Screenshot snippets of a few examples of problematic areas of the draft are
>>>>> below. It's certainly not an exhaustive list though. Nor is this my only
>>>>> concern with the work.
>>>>>
>>>>>
>>>>> [image: Screenshot 2025-10-02 at 7.17.44 AM.png]
>>>>>
>>>>> [image: Screenshot 2025-10-02 at 2.50.49 PM.png]
>>>>>
>>>>> [image: Screenshot 2025-10-02 at 7.18.12 AM.png]
>>>>>
>>>>>
>>>>> On Thu, Oct 2, 2025 at 6:45 AM Michael Jones via Openid-specs-ab <
>>>>> openid-specs-ab at lists.openid.net> wrote:
>>>>>
>>>>>> Responding to feedback from the initial call for adoption, the
>>>>>> authors of the OpenID Connect Key Binding specification revised it to clear
>>>>>> up potential misunderstandings of what the draft does and doesn't do.  The
>>>>>> revised specification was submitted to the working group for consideration
>>>>>> in the message
>>>>>> https://lists.openid.net/pipermail/openid-specs-ab/2025-October/011023.html
>>>>>> .
>>>>>>
>>>>>>
>>>>>>
>>>>>> This message starts a one-week call for adoption for the revised
>>>>>> specification, ending on Thursday, October 9th.  Even if you
>>>>>> responded to the initial call for adoption, please reply to this one
>>>>>> stating your views.
>>>>>>
>>>>>>
>>>>>>
>>>>>>                                                                 Thank
>>>>>> you,
>>>>>>
>>>>>>                                 -- Mike (writing as a Connect WG
>>>>>> chair)
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Openid-specs-ab mailing list
>>>>>> Openid-specs-ab at lists.openid.net
>>>>>> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>>>
>>>>>
>>>>> *CONFIDENTIALITY NOTICE: This email may contain confidential and
>>>>> privileged material for the sole use of the intended recipient(s). Any
>>>>> review, use, distribution or disclosure by others is strictly prohibited.
>>>>> If you have received this communication in error, please notify the sender
>>>>> immediately by e-mail and delete the message and any file attachments from
>>>>> your computer. Thank you.*
>>>>> _______________________________________________
>>>>> Openid-specs-ab mailing list
>>>>> Openid-specs-ab at lists.openid.net
>>>>> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>>
>>>>
>>> *CONFIDENTIALITY NOTICE: This email may contain confidential and
>>> privileged material for the sole use of the intended recipient(s). Any
>>> review, use, distribution or disclosure by others is strictly prohibited.
>>> If you have received this communication in error, please notify the sender
>>> immediately by e-mail and delete the message and any file attachments from
>>> your computer. Thank you.*
>>
>>
> *CONFIDENTIALITY NOTICE: This email may contain confidential and
> privileged material for the sole use of the intended recipient(s). Any
> review, use, distribution or disclosure by others is strictly prohibited.
> If you have received this communication in error, please notify the sender
> immediately by e-mail and delete the message and any file attachments from
> your computer. Thank you.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20251009/f080dece/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot 2025-10-02 at 7.17.44?AM.png
Type: image/png
Size: 17756 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20251009/f080dece/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot 2025-10-02 at 7.18.12?AM.png
Type: image/png
Size: 39304 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20251009/f080dece/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot 2025-10-02 at 2.50.49?PM.png
Type: image/png
Size: 18692 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20251009/f080dece/attachment-0005.png>

More information about the Openid-specs-ab mailing list