IETF Logo Mail Archive

Re: [OAUTH-WG] Section 7.2

Eran Hammer <eran@hueniverse.com> Fri, 15 June 2012 06:32 UTC

Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A22A621F86C8 for <oauth@ietfa.amsl.com>; Thu, 14 Jun 2012 23:32:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kdJq1riprxB9 for <oauth@ietfa.amsl.com>; Thu, 14 Jun 2012 23:32:28 -0700 (PDT)
Received: from p3plex2out04.prod.phx3.secureserver.net (p3plex2out04.prod.phx3.secureserver.net [184.168.131.18]) by ietfa.amsl.com (Postfix) with ESMTP id 7202C21F8618 for <oauth@ietf.org>; Thu, 14 Jun 2012 23:32:28 -0700 (PDT)
Received: from P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) by p3plex2out04.prod.phx3.secureserver.net with bizsmtp id NWYS1j0020CJzpC01WYSRY; Thu, 14 Jun 2012 23:32:26 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.66]) by P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) with mapi id 14.02.0247.003; Thu, 14 Jun 2012 23:32:25 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Mike Jones <Michael.Jones@microsoft.com>, "oauth@ietf.org WG (oauth@ietf.org)" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Section 7.2
Thread-Index: Ac1KeB4PVUuFMDsJRu+q5d/rw0G4WQAO9iAAAA6cN3AAHFVLIP/+3oCAgAAc8FA=
Date: Fri, 15 Jun 2012 06:32:25 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA201073B82@P3PWEX2MB008.ex2.secureserver.net>
References: <0CBAEB56DDB3A140BA8E8C124C04ECA201073394@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B1680429673943665394D7@TK5EX14MBXC284.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA2010734C5@P3PWEX2MB008.ex2.secureserver.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201073573@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B168042967394366539839@TK5EX14MBXC284.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B168042967394366539839@TK5EX14MBXC284.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [37.46.43.35]
Content-Type: multipart/alternative; boundary="_000_0CBAEB56DDB3A140BA8E8C124C04ECA201073B82P3PWEX2MB008ex2_"
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Section 7.2
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Jun 2012 06:32:29 -0000

WFM.

This will be the new text for 7.2 unless someone has any additional feedback or concerns.

This closes my issue with the new error registry changes.

EH

From: Mike Jones [mailto:Michael.Jones@microsoft.com]
Sent: Thursday, June 14, 2012 6:15 PM
To: Eran Hammer; oauth@ietf.org WG (oauth@ietf.org)
Subject: RE: [OAUTH-WG] Section 7.2


Thanks for writing the text below.  It looks fine to me.  About adding the other error parameters as suggestions, that seems like a reasonable thing to do.  How about the text at the end below, which adds mentions of error_description and error_uri?



7.2.  Error Response



   If a resource access request fails, the resource server SHOULD inform

   the client of the error.  While the specifics of such error responses

   are beyond the scope of this specification, this documents establishes

   a common registry for error values to be shared among OAuth token

   authentication schemes.



   New authentication schemes designed primarily for OAuth token

   authentication SHOULD define a mechanism for providing an

   error status code to the client, in which the error values allowed are

   registered in the error registry established by this specification. Such

   schemes MAY limit the set of valid error codes to a subset of the

   registered values. If the error code is returned using a named parameter,

   the parameter name SHOULD be "error".



   Other schemes capable of being used for OAuth token authentication, but

   not primarily designed for that purpose, MAY bind their error values to the

   registry in the same manner.



   New authentication schemes MAY choose to also specify the use of the

   "error_description" and "error_uri" parameters to return error information

   in a manner parallel to their usage in this specification.





                                                            -- Mike



P.S.  If you already have the text you wrote in a copy of the draft, you should apply these spelling corrections:

               desgined -> designed

               authentiction -> authentication



-----Original Message-----
From: Eran Hammer [mailto:eran@hueniverse.com]<mailto:[mailto:eran@hueniverse.com]>
Sent: Thursday, June 14, 2012 3:29 PM
To: Eran Hammer; Mike Jones; oauth@ietf.org<mailto:oauth@ietf.org> WG (oauth@ietf.org<mailto:oauth@ietf.org>)
Subject: RE: [OAUTH-WG] Section 7.2



Mike - if you want to add the other error parameters as suggestions, that would be fine by me.



EH



> -----Original Message-----

> From: oauth-bounces@ietf.org<mailto:oauth-bounces@ietf.org> [mailto:oauth-bounces@ietf.org]<mailto:[mailto:oauth-bounces@ietf.org]> On Behalf

> Of Eran Hammer

> Sent: Thursday, June 14, 2012 3:23 PM

> To: Mike Jones; oauth@ietf.org<mailto:oauth@ietf.org> WG (oauth@ietf.org<mailto:oauth@ietf.org>)

> Subject: Re: [OAUTH-WG] Section 7.2

>

> 7.2.  Error Response

>

>    If a resource access request fails, the resource server SHOULD inform

>    the client of the error.  While the specifics of such error responses

>    are beyond the scope of this specification, this documents establishes

>    a common registry for error values to be shared among OAuth token

>    authentication schemes.

>

>    New authentication schemes desgined primarily for OAuth token

>    authentiction SHOULD define a mechanism for providing an

>    error status code to the client, in which the error values allowed are

>    registered in the error registry established by this specification. Such

>    schemes MAY limit the set of valid error codes to a subset of the

>    registered values. If the error code is returned using a named parameter,

>    the parameter name SHOULD be "error".

>

>    Other schemes capable of being used for OAuth token authentication, but

>    not primarily designed for that purpose, MAY bind their error values to the

>    registry in the same manner.

>

> EH

>

> _______________________________________________

> OAuth mailing list

> OAuth@ietf.org<mailto:OAuth@ietf.org>

> https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email