Eran Hammer <> Tue, 24 April 2012 00:12 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 556D221F86F2 for <>; Mon, 23 Apr 2012 17:12:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.593
X-Spam-Status: No, score=-2.593 tagged_above=-999 required=5 tests=[AWL=0.005, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id gGaEDumIyuoL for <>; Mon, 23 Apr 2012 17:12:22 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id A0D2C21F86F0 for <>; Mon, 23 Apr 2012 17:12:22 -0700 (PDT)
Received: from ([]) by with bizsmtp id 1cCM1j0070CJzpC01cCMTz; Mon, 23 Apr 2012 17:12:21 -0700
Received: from ([]) by ([]) with mapi id 14.02.0247.003; Mon, 23 Apr 2012 17:12:21 -0700
From: Eran Hammer <>
To: Chuck Canning <>, " WG (" <>
Thread-Topic: OAuth ABNF
Thread-Index: Ac0hlo/WWuxsG+HsR9eTWVbGALjxfAACUw7AAAO9RrA=
Date: Tue, 24 Apr 2012 00:12:20 +0000
Message-ID: <>
References: <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_0CBAEB56DDB3A140BA8E8C124C04ECA2FFB712P3PWEX2MB008ex2se_"
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] OAuth ABNF
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 24 Apr 2012 00:12:24 -0000

We can do both (provide it as defined and in one section). But someone needs to prepare all the ABNFs first.


From: Chuck Canning []
Sent: Monday, April 23, 2012 3:28 PM
To: Eran Hammer; WG (
Subject: RE: OAuth ABNF

As someone trying to implement the spec, I find that I have to jump around the spec to find this information also. Personally, I think grouping the related options in the document might make it more clear instead of grouping it based on a concept and then the next style of flow. It might also help shine light on the holes in the spec or where things are ambiguous or not clearly defined. (ie. clearly defining all the options for a particular URI together instead of having to jump over multiple sections and mentally comparing each option).

From:<> []<mailto:[]> On Behalf Of Eran Hammer
Sent: Monday, April 23, 2012 2:20 PM
To:<> WG (<>)
Subject: [SPAM] [OAUTH-WG] OAuth ABNF
Importance: Low

During the IESG review of draft-ietf-oauth-v2, Sean Turner raised the following DISCUSS item (meaning, the specification is blocked until this is resolved):

> 0) General: I found the lack of ABNF somewhat disconcerting in that

> implementers would have to hunt through the spec to figure out all the

> values of a given field.  For example grant_type has different values based

> on the different kind of access_token requests - four to be more precise -

> but there's no ABNF for the field.  There are many examples of

> this.   It would greatly aid implementers if a) the ABNF for all fields

> were included in the draft and b) all the ABNF was collected in one place.  I

> had individual discusses for each field that had missing ABNF, but it was

> getting out of hand so I'm just going to do this one general discuss on this

> topic.

I don't have the time to prepare such text. Can someone volunteer to submit this text to the WG for review?