Re: [OAUTH-WG] [Technical Errata Reported] RFC6749 (3880)

Eriksen Costa <eriksencosta@gmail.com> Tue, 04 February 2014 19:02 UTC

Could we make Mishra's suggestion simpler? Example:

For public clients using implicit flows, this specification does not
provide any method for the client to determine that an access token was
issued to its current instance.

I'm not sure if it is explicit enough, nor am I convinced about "instance"
(maybe "session"?), but it seems more in line with the rest of the
specification's wording.

Thank you for the clarification,
Eriksen


On Tue, Feb 4, 2014 at 4:56 PM, Bill Mills <wmills_92105@yahoo.com> wrote:

> Agreed.
>
>
>   On Tuesday, February 4, 2014 8:17 AM, Dick Hardt <dick.hardt@gmail.com>
> wrote:
>  This change is appropriate and reflects the intent of the statement.
>
>
> On Tue, Feb 4, 2014 at 8:13 AM, RFC Errata System <
> rfc-editor@rfc-editor.org> wrote:
>
> The following errata report has been submitted for RFC6749,
> "The OAuth 2.0 Authorization Framework".
>
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=6749&eid=3880
>
> --------------------------------------
> Type: Technical
> Reported by: Eriksen Costa <eriksencosta@gmail.com>
>
> Section: 10.16
>
> Original Text
> -------------
> For public clients using implicit flows, this specification does not
> provide any method for the client to determine what client an access
> token was issued to.
>
> Corrected Text
> --------------
> For public clients using implicit flows, this specification does not
> provide any method for the authorization server to determine what
> client an access token was issued to.
>
> Notes
> -----
> A client can only know about tokens issued to it and not for other clients.
>
> Instructions:
> -------------
> This errata is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party (IESG)
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC6749 (draft-ietf-oauth-v2-31)
> --------------------------------------
> Title               : The OAuth 2.0 Authorization Framework
> Publication Date    : October 2012
> Author(s)           : D. Hardt, Ed.
> Category            : PROPOSED STANDARD
> Source              : Web Authorization Protocol
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG
>


-- 
Blog: http://blog.eriksen.com.br
Twitter: @eriksencosta