IETF Logo Mail Archive

Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec

Mike Jones <Michael.Jones@microsoft.com> Wed, 09 May 2012 22:15 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9655F21F84C8 for <oauth@ietfa.amsl.com>; Wed, 9 May 2012 15:15:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.925
X-Spam-Level:
X-Spam-Status: No, score=-3.925 tagged_above=-999 required=5 tests=[AWL=-0.326, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6+J1E6xjtq-y for <oauth@ietfa.amsl.com>; Wed, 9 May 2012 15:15:41 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe001.messaging.microsoft.com [213.199.154.139]) by ietfa.amsl.com (Postfix) with ESMTP id 91BAE21F84C3 for <oauth@ietf.org>; Wed, 9 May 2012 15:15:40 -0700 (PDT)
Received: from mail51-db3-R.bigfish.com (10.3.81.227) by DB3EHSOBE001.bigfish.com (10.3.84.21) with Microsoft SMTP Server id 14.1.225.23; Wed, 9 May 2012 22:15:39 +0000
Received: from mail51-db3 (localhost [127.0.0.1]) by mail51-db3-R.bigfish.com (Postfix) with ESMTP id 7153F3804A7; Wed, 9 May 2012 22:15:39 +0000 (UTC)
X-SpamScore: -27
X-BigFish: VS-27(zz9371I14ffI542Mzz1202hzz1033IL8275dhz2fh2a8h668h839h944hd25h)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC107.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail51-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC107.redmond.corp.microsoft.com ; icrosoft.com ;
Received: from mail51-db3 (localhost.localdomain [127.0.0.1]) by mail51-db3 (MessageSwitch) id 1336601738153344_6563; Wed, 9 May 2012 22:15:38 +0000 (UTC)
Received: from DB3EHSMHS006.bigfish.com (unknown [10.3.81.230]) by mail51-db3.bigfish.com (Postfix) with ESMTP id 170393003CD; Wed, 9 May 2012 22:15:38 +0000 (UTC)
Received: from TK5EX14HUBC107.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS006.bigfish.com (10.3.87.106) with Microsoft SMTP Server (TLS) id 14.1.225.23; Wed, 9 May 2012 22:15:37 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.230]) by TK5EX14HUBC107.redmond.corp.microsoft.com ([157.54.80.67]) with mapi id 14.02.0298.005; Wed, 9 May 2012 22:15:36 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
Thread-Index: AQHNLjAPfUna+mufcUmIKpLKwMV+D5bCBemQ
Date: Wed, 09 May 2012 22:15:35 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943664CE2AE@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net>
In-Reply-To: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.32]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 22:15:41 -0000

2) Consistent syntax across both OAuth specs.

				-- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Wednesday, May 09, 2012 3:07 PM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec

Hi all, 

another issue that came up in Sean's IESG review was about the encoding of the error / error_description / error_uri in the base and in the bearer specification. 

As mentioned in my earlier mail about the registry for the error codes there are three error fields defined in the two specification and the error / error_description / error_uri fields are allowed to appear in different parts of an HTTP message. 
Depending on where they show up different encoding restrictions apply. 

For the core specification these error fields may appear in the 
* body of the HTTP message (encoded in JSON)
* parameters to the query component of the redirection URI (using the
  "application/x-www-form-urlencoded" format)

For the bearer specification these error fields appear in the HTTP header. Consequently, http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19 says 'values for the "error" and "error_description" attributes MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.' 

Now, here is the question. While these errors are essentially copied over from one spec to the other the different encoding restrictions make them different. Do we want different encodings of errors in the two documents?

So, I see two options: 

1) Leave the encoding as it is. This means the encoding of the error / error_description / error_uri in the two specifications is different. 

2) Harmonize the encoding between the two specifications by incorporating the restrictions from the bearer specification into the base specification. 

Please indicate your preference by the end of next week (18th May 2012). 

Ciao
Hannes

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email