[OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10

Mike Jones <Michael.Jones@microsoft.com> Wed, 19 October 2011 23:38 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 3C25111E8098 for <oauth@ietfa.amsl.com>; Wed, 19 Oct 2011 16:38:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.955
X-Spam-Status: No, score=-9.955 tagged_above=-999 required=5 tests=[AWL=0.643, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id ZgNAJ3Cm7Svm for <oauth@ietfa.amsl.com>; Wed, 19 Oct 2011 16:38:03 -0700 (PDT)
Received: from smtp.microsoft.com (mailb.microsoft.com []) by ietfa.amsl.com (Postfix) with ESMTP id 0A75A11E808A for <oauth@ietf.org>; Wed, 19 Oct 2011 16:38:03 -0700 (PDT)
Received: from TK5EX14MLTC101.redmond.corp.microsoft.com ( by TK5-EXGWY-E802.partners.extranet.microsoft.com ( with Microsoft SMTP Server (TLS) id; Wed, 19 Oct 2011 16:38:02 -0700
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([]) by TK5EX14MLTC101.redmond.corp.microsoft.com ([]) with mapi id 14.01.0339.002; Wed, 19 Oct 2011 16:38:02 -0700
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: OAuth 2.0 Bearer Token Specification Draft -10
Thread-Index: AcyOuBvrce+R9JZJS5GdKjqOZuv3Gw==
Date: Wed, 19 Oct 2011 23:38:02 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739435C24B1CA@TK5EX14MBXC283.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739435C24B1CATK5EX14MBXC283r_"
MIME-Version: 1.0
Subject: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Oct 2011 23:38:04 -0000

Draft 10<http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-10.html> of the OAuth 2.0 Bearer Token Specification<http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html> has been published, which incorporates consensus decisions reached since Working Group Last Call feedback.  It closes all open issues.  It contains the following changes:

*        Removed the #auth-param option from Authorization header syntax (leaving only the b64token syntax).

*        Restricted the scope value character set to %x21 / %x23-5B / %x5D-7E (printable ASCII characters excluding double-quote and backslash). Indicated that scope is intended for programmatic use and is not meant to be displayed to end users.

*        Restricted the character set for error_description strings to SP / VCHAR and indicated that they are not meant to be displayed to end users.

*        Included more description in the Abstract, since Hannes Tschofenig indicated that the RFC editor would require this.

*        Changed "Access Grant" to "Authorization Grant", as was done in the core spec.

*        Simplified the introduction to the Authenticated Requests section.

The draft is available at these locations:

*        http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-10

*        http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-10.pdf

*        http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-10.txt

*        http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-10.xml

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-10.html

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-10.pdf

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-10.txt

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-10.xml

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html (will point to new versions as they are posted)

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.pdf (will point to new versions as they are posted)

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.txt (will point to new versions as they are posted)

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.xml (will point to new versions as they are posted)

*        http://svn.openid.net/repos/specifications/oauth/2.0/ (Subversion repository, with html, pdf, txt, and html versions available)

                                                            -- Mike