Re: [OAUTH-WG] oauth-bearer and rfc 2617/httpbis authentication framework
Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 23 July 2012 11:33 UTC
To: Julian Reschke <julian.reschke@gmx.de>
Cc: "oauth@ietf.org" <oauth@ietf.org>, IETF-Discussion <ietf@ietf.org>

Hiya,

On 07/23/2012 08:56 AM, Julian Reschke wrote:
> On 2012-07-23 00:33, Stephen Farrell wrote:
>>
>> Hi all,
>>
>> I'd like to check that some recent minor changes to this
>> document [1] don't cause technical or process-grief.
>>
>> The version [2] of the oauth bearer draft that underwent
>> IETF LC and IESG evaluation had a normative dependency
>> on the httpbis wg's authentication framework. [3]
>>
>> After resolving IESG discuss positions the authors and
>> wg chairs felt that it would be better to replace the
>> normative reference to the httpbis wg draft [3] with one
>> to RFC 2617 [4] so that the OAuth drafts wouldn't be held
>> in the RFC editor queue waiting on the httpbis wg to get
>> done.
>>
>> I believe there is no impact on interop resulting from
>> this change but there has been some disagreement about
>> making it and how it was made. After some offlist discussion
>> I think we now have an RFC editor note [5] that means that
>> the current scheme of referring to RFC 2617 is ok.
>> ...
>
> Quoting:
>
>> NEW:
>>
>> The "Authorization" header for this scheme follows the usage
>> of the Basic scheme [RFC2617]. Note that, as with Basic, this
>> is compatible with the the general authentication framework
>> being developed for HTTP 1.1 [I-D.ietf-httpbis-p7-auth], though
>> does not follow the preferred practice outlined therein in
>> order to reflect existing deployments. The syntax for Bearer
>> credentials is as follows:
>
> That helps, but it still hides the fact that the syntax is not
> compatible with the RFC 2617 framework.

"hides" isn't a goal:-)

> Also, s/header/header field/
>
> Proposal:
>
> "The syntax of the "Authorization" header field for this scheme follows
> the usage of the Basic scheme defined in Section 2 of [RFC2617]. Note
> that, as with Basic, it does not conform to the generic syntax defined
> in Section 1.2 of [RFC2617], but that it is compatible with the the
> general authentication framework being developed for HTTP 1.1
> [I-D.ietf-httpbis-p7-auth], although it does not follow the preferred
> practice outlined therein in order to reflect existing deployments.
>
> The syntax for Bearer credentials is as follows: ..."

That looks better. I've updated the RFC editor note to use your text.

Thanks,
S.

>
> Best regards, Julian
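
The syntax point discussed in this message, as an added example that is not part of the original thread: a strict server-side check of an `Authorization` value against both grammars. The generic production is the one in Section 1.2 of RFC 2617; the `b64token` production is taken from the Bearer specification as later published (RFC 6750, Section 2.1), since the message elides it. Function names and sample values are constructed for illustration.

```python
import re

# RFC 2616 "token" characters, used by the RFC 2617 Section 1.2 generic syntax.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
AUTH_PARAM = rf"{TOKEN}=(?:{TOKEN}|{QUOTED})"

# RFC 2617 Section 1.2: credentials = auth-scheme #auth-param
GENERIC_RE = re.compile(rf"{TOKEN}(?: +{AUTH_PARAM}(?: *, *{AUTH_PARAM})*)?")

# RFC 6750 Section 2.1: credentials = "Bearer" 1*SP b64token
#   b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
BEARER_RE = re.compile(r"Bearer +([A-Za-z0-9\-._~+/]+=*)", re.IGNORECASE)


def is_generic_rfc2617(value: str) -> bool:
    """True if the whole value is a scheme plus a list of name=value params."""
    return GENERIC_RE.fullmatch(value) is not None


def parse_bearer(value: str):
    """Return the token if the whole value is a Bearer credential, else None.

    fullmatch rejects trailing data, embedded spaces and CR/LF, so a value
    carrying extra parameters or header-injection bytes is refused outright.
    """
    m = BEARER_RE.fullmatch(value)
    return m.group(1) if m else None


# Constructed sample header values (not taken from the thread).
SAMPLES = [
    "Bearer mF_9.B5f-4.1JqM",                   # Bearer: valid, generic: no
    "Bearer dG9rZW4=",                          # padded token, generic: no
    "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==",       # Basic is non-generic as well
    'Digest username="alice", realm="example"', # generic auth-param list
    "Bearer a=b",                               # generic shape, not a b64token
    "Bearer tok\r\nX-Injected: 1",              # CR/LF: rejected by both
]


def classify(value: str):
    """(is a valid Bearer credential, fits the RFC 2617 generic syntax)."""
    return (parse_bearer(value) is not None, is_generic_rfc2617(value))


if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), classify(s))
```
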