[OAUTH-WG] OAuth Core -28 and Bearer -21 specs published

Mike Jones <Michael.Jones@microsoft.com> Wed, 20 June 2012 04:57 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id A58E621F8735 for <oauth@ietfa.amsl.com>; Tue, 19 Jun 2012 21:57:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.813
X-Spam-Status: No, score=-3.813 tagged_above=-999 required=5 tests=[AWL=-0.215, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id MxzZD5xER7c9 for <oauth@ietfa.amsl.com>; Tue, 19 Jun 2012 21:57:20 -0700 (PDT)
Received: from am1outboundpool.messaging.microsoft.com (am1ehsobe003.messaging.microsoft.com []) by ietfa.amsl.com (Postfix) with ESMTP id C8BA821F8731 for <oauth@ietf.org>; Tue, 19 Jun 2012 21:57:19 -0700 (PDT)
Received: from mail118-am1-R.bigfish.com ( by AM1EHSOBE005.bigfish.com ( with Microsoft SMTP Server id; Wed, 20 Jun 2012 04:55:55 +0000
Received: from mail118-am1 (localhost []) by mail118-am1-R.bigfish.com (Postfix) with ESMTP id 5BB771A012A for <oauth@ietf.org>; Wed, 20 Jun 2012 04:55:55 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC104.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -19
X-BigFish: VS-19(zzc85fhzz1202hzz1033IL8275eh8275bh8275dha1495iz2fh2a8h668h839hd25hf0ah)
Received-SPF: pass (mail118-am1: domain of microsoft.com designates as permitted sender) client-ip=; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC104.redmond.corp.microsoft.com ; icrosoft.com ;
Received: from mail118-am1 (localhost.localdomain []) by mail118-am1 (MessageSwitch) id 1340168153208707_28739; Wed, 20 Jun 2012 04:55:53 +0000 (UTC)
Received: from AM1EHSMHS001.bigfish.com (unknown []) by mail118-am1.bigfish.com (Postfix) with ESMTP id 3136D200047 for <oauth@ietf.org>; Wed, 20 Jun 2012 04:55:53 +0000 (UTC)
Received: from TK5EX14MLTC104.redmond.corp.microsoft.com ( by AM1EHSMHS001.bigfish.com ( with Microsoft SMTP Server (TLS) id; Wed, 20 Jun 2012 04:55:52 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([]) by TK5EX14MLTC104.redmond.corp.microsoft.com ([]) with mapi id 14.02.0298.005; Wed, 20 Jun 2012 04:57:11 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: OAuth Core -28 and Bearer -21 specs published
Thread-Index: Ac1OoSGuaSOU0vo6TGKJuu+TMXt96w==
Date: Wed, 20 Jun 2012 04:57:10 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436655E392@TK5EX14MBXC283.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739436655E392TK5EX14MBXC283r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [OAUTH-WG] OAuth Core -28 and Bearer -21 specs published
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jun 2012 04:57:24 -0000

OAuth Core draft -28 has been published.  Changes were:

*        Updated the ABNF in the manner discussed by the working group, allowing username and password to be Unicode and restricting client_id and client_secret to ASCII.

*        Specifies the use of the application/x-www-form-urlencoded content-type encoding method to encode the client_id when used as the password for HTTP Basic.

OAuth Bearer draft -21 has also been published.  Changes were:

*        Changed "NOT RECOMMENDED" to "not recommended" in caveat about the URI Query Parameter method.

*        Changed "other specifications may extend this specification for use with other transport protocols" to "other specifications may extend this specification for use with other protocols".

*        Changed Acknowledgements to use only ASCII characters, per the RFC style guide.
The drafts are available at:

*        http://tools.ietf.org/html/draft-ietf-oauth-v2-28

*        http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-21

HTML-formatted versions are available at:

*        http://self-issued.info/docs/draft-ietf-oauth-v2-28.html

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-21.html

Thanks to Eran Hammer for approving the Core draft posting.

                                                            -- Mike