IETF Logo Mail Archive

Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec

John Bradley <ve7jtb@ve7jtb.com> Wed, 09 May 2012 22:27 UTC

Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B5C811E80BB for <oauth@ietfa.amsl.com>; Wed, 9 May 2012 15:27:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.536
X-Spam-Level:
X-Spam-Status: No, score=-3.536 tagged_above=-999 required=5 tests=[AWL=0.063, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DvR4yc30WCFq for <oauth@ietfa.amsl.com>; Wed, 9 May 2012 15:27:51 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id B572811E8086 for <oauth@ietf.org>; Wed, 9 May 2012 15:27:51 -0700 (PDT)
Received: by yhq56 with SMTP id 56so1011208yhq.31 for <oauth@ietf.org>; Wed, 09 May 2012 15:27:51 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=a/2TLv8Mr54uR9xRoUjG3Pm5sEjRjWSCfxeaTyPGww4=; b=RDdWRMViaCVvUr8y2v2vbfkj+WXoWal8M1FvNTvL3ifbKOT3p6jeXk/FahlEiszsWd JvsolXNC63sud4Mj6UkynldqRr9LFV8NtK7hjYRN8WCiwbIM9J32rI3nk3g7A6l3ExSu kDq4zBbUvVLObgLCt9J009+c3e5spnZJE/aEFxt5XIWayQcghBlOdVOyirdMk49YhJED nQmZKjW41RbmLnK2Ewt82nUJ6md/8h7bVrnRonGz5Lmgkc3d/vNrCUWdovM1/vymM4Xs l019wkpqKKcPw9LTYzL1nMyMo9H9OcpuWcakEzNIV6z8rIgAfXKt8m6drzdmCSXYiLVt V/RQ==
Received: by 10.236.193.1 with SMTP id j1mr2371168yhn.40.1336602471303; Wed, 09 May 2012 15:27:51 -0700 (PDT)
Received: from [192.168.1.213] (190-20-20-74.baf.movistar.cl. [190.20.20.74]) by mx.google.com with ESMTPS id i19sm6529038ani.7.2012.05.09.15.27.49 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 09 May 2012 15:27:50 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: multipart/signed; boundary="Apple-Mail=_43C9B1AD-A6DC-4CF9-9C6B-B0905CCB351D"; protocol="application/pkcs7-signature"; micalg="sha1"
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net>
Date: Wed, 09 May 2012 18:27:43 -0400
Message-Id: <7D0AF372-75ED-48A2-A665-EB2B8B030C83@ve7jtb.com>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
X-Mailer: Apple Mail (2.1257)
X-Gm-Message-State: ALoCoQmypOCYjoe6UHWmRFr4ykR34DGKJdE//wNE1pZXQUAoGwDDAUWNKgWCfNM0XtTjNAk55UZs
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 22:27:52 -0000

Consistent syntax across bearer, core and MAC.

That wasn't one of the options:)

John B.
On 2012-05-09, at 6:06 PM, Hannes Tschofenig wrote:

> Hi all, 
> 
> another issue that came up in Sean's IESG review was about the encoding of the error / error_description / error_uri in the base and in the bearer specification. 
> 
> As mentioned in my earlier mail about the registry for the error codes there are three error fields defined in the two specification and the error / error_description / error_uri fields are allowed to appear in different parts of an HTTP message. 
> Depending on where they show up different encoding restrictions apply. 
> 
> For the core specification these error fields may appear in the 
> * body of the HTTP message (encoded in JSON)
> * parameters to the query component of the redirection URI (using the
>  "application/x-www-form-urlencoded" format)
> 
> For the bearer specification these error fields appear in the HTTP header. Consequently, http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19 says 'values for the "error" and "error_description" attributes MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.' 
> 
> Now, here is the question. While these errors are essentially copied over from one spec to the other the different encoding restrictions make them different. Do we want different encodings of errors in the two documents?
> 
> So, I see two options: 
> 
> 1) Leave the encoding as it is. This means the encoding of the error / error_description / error_uri in the two specifications is different. 
> 
> 2) Harmonize the encoding between the two specifications by incorporating the restrictions from the bearer specification into the base specification. 
> 
> Please indicate your preference by the end of next week (18th May 2012). 
> 
> Ciao
> Hannes
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email