Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification draft -06

Mike Jones <Michael.Jones@microsoft.com> Mon, 25 July 2011 16:12 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Ian McKellar <ian@mckellar.org>
Date: Mon, 25 Jul 2011 15:02:43 +0000
Cc: "oauth@ietf.org" <oauth@ietf.org>

You're correct about the missing comma.  I'll plan on updating the draft this week.

To your second question, the definition of quoted-string does allow for unquoted whitespace within the quoted string.

				-- Mike

-----Original Message-----
From: Ian McKellar [mailto:ian@mckellar.org] 
Sent: Sunday, July 10, 2011 1:16 PM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification draft -06

Hi,

I'm reading through draft 6 of the bearer token spec and had a question about one of the examples. In section 2.4 there's an error response example when an expired token is used:
   HTTP/1.1 401 Unauthorized
   WWW-Authenticate: Bearer realm="example"
                     error="invalid_token",
                     error_description="The access token expired"

I think there should be a comma after realm="example"

Also, I wasn't sure about spaces in the error_description. I'm digging through related linked specs to try to work out what a quoted-string should actually look like. Are spaces allowed? Should characters be backslash-quoted or percent-quoted?

Ian

On Wed, Jun 22, 2011 at 8:53 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> I’ve published draft 06 of the OAuth Bearer Token Specification.  It
> contains the following changes:
>
> ·  Changed parameter name bearer_token to access_token, per working
>    group consensus.
>
> ·  Changed HTTP status code for invalid_request error code from HTTP
>    401 (Unauthorized) back to HTTP 400 (Bad Request), per input from
>    HTTP working group experts.
>
> It doesn’t change the use of 403 (Forbidden) to (401) Unauthorized as
> had been discussed as a possibility, also due to input from the same
> HTTP working group experts.
>
> I believe that this addresses all the bearer token specification
> issues arising from the interim working group meeting and working
> group discussions since then.
>
> The draft is available at these locations:
>
> ·  http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.pdf
> ·  http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.txt
> ·  http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.xml
> ·  http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.html
> ·  http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.pdf
> ·  http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.txt
> ·  http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.xml
> ·  http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html
>    (will point to new versions as they are posted)
> ·  http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.pdf
>    (will point to new versions as they are posted)
> ·  http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.txt
>    (will point to new versions as they are posted)
> ·  http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.xml
>    (will point to new versions as they are posted)
> ·  http://svn.openid.net/repos/specifications/oauth/2.0/ (Subversion
>    repository, with html, pdf, txt, and html versions available)
>
>                                                                 -- Mike



--
Ian McKellar  <http://ian.mckellar.org/>
ian@mckellar.org: email | jabber | msn
ianloic: flickr | aim | yahoo | skype | linkedin | etc.
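
Added example (not part of the thread, and not code from the draft or its authors): a strict parser for the WWW-Authenticate challenge discussed above, assuming the RFC 2616 grammar for token and quoted-string, in which spaces are literal and a double quote or backslash is backslash-escaped. It rejects the draft -06 example for its missing comma and accepts the corrected form; parse_challenge and the sample constants are names chosen here.

```python
import re

# Grammar assumed from RFC 2616: token, quoted-string with backslash quoted-pair,
# and LWS that may include a folded continuation line. Names here are illustrative.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"', re.S)
LWS = re.compile(r"(?:(?:\r?\n)?[ \t]+)*")

DRAFT_06 = ('Bearer realm="example"\r\n'      # header value from the section 2.4 example
            '                  error="invalid_token",\r\n'
            '                  error_description="The access token expired"')
FIXED = DRAFT_06.replace('realm="example"', 'realm="example",')
ESCAPED = r'Bearer error_description="token \"abc\" expired"'   # constructed sample


def parse_challenge(value):
    """Return (scheme, params) for 'auth-scheme 1#auth-param'; ValueError if malformed."""
    m = TOKEN.match(value)
    if not m:
        raise ValueError("missing auth-scheme")
    scheme, i, params = m.group(), m.end(), {}
    while True:
        i = LWS.match(value, i).end()
        m = TOKEN.match(value, i)
        if not m or value[m.end():m.end() + 1] != "=":
            raise ValueError(f"expected auth-param at offset {i}")
        name, i = m.group().lower(), m.end() + 1
        m = QUOTED.match(value, i) or TOKEN.match(value, i)
        if not m or name in params:
            raise ValueError(f"bad or duplicate value for {name}")
        raw = m.group(1) if m.re is QUOTED else m.group()
        params[name] = re.sub(r"\\(.)", r"\1", raw, flags=re.S)  # undo quoted-pairs
        i = LWS.match(value, m.end()).end()
        if i == len(value):
            return scheme, params
        if value[i] != ",":
            raise ValueError(f"missing comma after {name}")
        i += 1


if __name__ == "__main__":
    for sample in (DRAFT_06, FIXED, ESCAPED):
        try:
            print(parse_challenge(sample))
        except ValueError as e:
            print("rejected:", e)
```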