Re: [OAUTH-WG] ABNF in draft 11

Eran Hammer-Lahav <eran@hueniverse.com> Wed, 01 December 2010 06:15 UTC

From: Eran Hammer-Lahav <eran@hueniverse.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>, OAuth WG <oauth@ietf.org>
Date: Tue, 30 Nov 2010 23:16:33 -0700

> -----Original Message-----
> From: Manger, James H [mailto:James.H.Manger@team.telstra.com]
> Sent: Thursday, November 25, 2010 3:52 PM
> To: Eran Hammer-Lahav; OAuth WG
> Subject: RE: ABNF in draft 11
> 
> This is better.
> 
> <scope> is not quite correct as the right-hand side is not quite a subset of
> <quoted-string> since <quoted-char> allows "\" as a character, instead of
> treating it as an escape character.
> Option 1: remove "\" from <quoted-char>
> Option 2: define <scope> as <"scope" "=" quoted-string>, and in the
> following paragraph say the "scope" attribute is a space-separated list of
> individual scope values -- more precisely, individual scope values are
> separated by <RWS> (and consequently cannot contain <RWS>).
> 
> I prefer option 2.

I'm not sure about this yet. I'll leave it and talk to some ABNF gurus.

> 
> "WWW-Authenticate: OAuth2" is not strictly valid because it doesn't have a
> space <RWS> after the scheme.
> RFC2617 and draft-ietf-httpbis-p7-auth-12 actually use <1*SP>, instead of
> <RWS> in the generic definition of <challenge>.
> 
> Option 3: <challenge = "OAuth2" 1*SP 1#param>
>           Add realm to <param>; add back paragraph saying the mandatory
> "realm" attribute allows protected resources on a server to be partitioned, as
> specified in RFC2617. Don't bother with any extra explanation.
> 
> Option 4: <challenge = "OAuth2" [ 1*SP #param ]>
>           Add a paragraph explicitly saying this scheme does not quite obey the
> generic rules for schemes defined in RFC2617 because it does not require a
> "realm" parameter or, in fact, any parameters.
> 
> I prefer option 4, despite believing "realm" has some value. Most servers will
> have a single protection space (=realm), plus NTLM and Negotiate schemes
> already omit "realm", so I think disobeying RFC2617 here is ok (and fixing
> draft-ietf-httpbis-p7-auth-12).

Nah, I'll just open a ticket against p7 to fix it there.
 
> 
> <URI-Reference> should be
> <URI-reference>

Thanks.
 
EHL
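
Added example, not part of the original message or of the draft: a small Python parser for the challenge shapes discussed above, showing that the same header bytes yield different scope values depending on whether "\" inside the scope attribute is read as a quoted-string escape or as an ordinary character. The function names, the sample header, and the treatment of <RWS> as SP / HTAB are assumptions made for illustration.

```python
import re

# One auth-param whose value is an RFC 2616 quoted-string:
# DQUOTE *( qdtext / quoted-pair ) DQUOTE, quoted-pair = "\" CHAR.
_PARAM = re.compile(r'\s*([A-Za-z0-9_-]+)\s*=\s*"((?:[^"\\]|\\.)*)"\s*(?:,|$)')


def parse_challenge(value, require_realm=False):
    """Parse <"OAuth2" [ 1*SP #param ]> (Option 4) into {name: raw value}.

    require_realm=True enforces the mandatory "realm" of Option 3 / RFC 2617.
    """
    scheme, _, rest = value.partition(" ")
    if scheme != "OAuth2":
        raise ValueError("not an OAuth2 challenge")
    rest, pos, params = rest.lstrip(" "), 0, {}
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if m is None:
            raise ValueError("malformed parameter at offset %d" % pos)
        params[m.group(1).lower()] = m.group(2)  # value is still escaped
        pos = m.end()
    if require_realm and "realm" not in params:
        raise ValueError("RFC 2617 challenge requires realm")
    return params


def scope_values(raw, backslash_is_escape=True):
    """Split a raw scope attribute into individual scope values.

    backslash_is_escape=True : quoted-string reading (Option 2), "\\x" -> "x".
    backslash_is_escape=False: "\\" kept as an ordinary character, the
    <quoted-char> behaviour the message objects to.
    """
    if backslash_is_escape:
        raw = re.sub(r"\\(.)", r"\1", raw)
    # Assumption: RWS is treated here as one or more SP / HTAB.
    return [v for v in re.split(r"[ \t]+", raw) if v]


# Constructed sample header value, not taken from the draft.
SAMPLE = 'OAuth2 scope="photos\\:read contacts", realm="api"'

if __name__ == "__main__":
    raw_scope = parse_challenge(SAMPLE)["scope"]
    print(scope_values(raw_scope, True))   # quoted-string reading
    print(scope_values(raw_scope, False))  # literal-backslash reading
    print(parse_challenge("OAuth2"))       # valid only under Option 4
```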