Re: [OAUTH-WG] Possible alternative resolution to issue 26

Julian Reschke <julian.reschke@gmx.de> Tue, 04 October 2011 07:25 UTC

Return-Path: <julian.reschke@gmx.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E58221F8C04 for <oauth@ietfa.amsl.com>; Tue, 4 Oct 2011 00:25:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.487
X-Spam-Level:
X-Spam-Status: No, score=-103.487 tagged_above=-999 required=5 tests=[AWL=-0.887, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bh2joIsADRJg for <oauth@ietfa.amsl.com>; Tue, 4 Oct 2011 00:25:44 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id E680121F8AD3 for <oauth@ietf.org>; Tue, 4 Oct 2011 00:25:43 -0700 (PDT)
Received: (qmail invoked by alias); 04 Oct 2011 07:28:46 -0000
Received: from p5DCC8376.dip.t-dialin.net (EHLO [192.168.178.36]) [93.204.131.118] by mail.gmx.net (mp056) with SMTP; 04 Oct 2011 09:28:46 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX194nuBv5WN4wry9Z+exOKeywWEUouiimSTYav9dZq h9W8UY2Amm3M8C
Message-ID: <4E8AB5AD.7030405@gmx.de>
Date: Tue, 04 Oct 2011 09:28:45 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739435C21DD2C@TK5EX14MBXC284.redmond.corp.microsoft.com> <255B9BB34FB7D647A506DC292726F6E1129015546C@WSMSG3153V.srv.dir.telstra.com> <1317621663.4810.YahooMailNeo@web31813.mail.mud.yahoo.com> <4E1F6AAD24975D4BA5B16804296739435C226298@TK5EX14MBXC284.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739435C226298@TK5EX14MBXC284.redmond.corp.microsoft.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Possible alternative resolution to issue 26
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2011 07:25:45 -0000

On 2011-10-04 03:55, Mike Jones wrote:
> As editor, based upon James’ input, I’d like to expand the set of
> choices for the working group to consider by adding the possibility of
> using JSON string encodings for scope and error_description where the
> characters used for the encoding are restricted to the set of 7-bit
> ASCII characters compatible with the HTTPbis and RFC 2617 parameter
> syntaxes.
>
> 1. Using RFC 5987 encoding for the scope parameter.
>
> 2. Continuing to specify no non-ASCII encoding for scope parameter values.
>
> 3. Using JSON string encoding for the scope parameter.
>
> A. Using RFC 5987 encoding for the error_description parameter.
>
> B. Continuing to specify UTF-8 encoding for the error_description
> parameter.
>
> C. Using JSON string encoding for the error_description parameter.
>
> As an individual, I’m sympathetic to the argument that RFC 5987 (with
> “scope*” and language tags etc.) is overkill for OAuth implementations,
> where neither of the sets of strings is intended to be presented to
> end-users. Hence, the possible attractiveness of options 3 and C.
>
> Thoughts from others?
> ...

How is RFC 5987 encoding overkill, and JSON is not?

Note that if you'd use the \u notation inside a quoted string, you need 
to escape the backslashes due to the quoted-string syntax; which is 
likely a new source of errors.

Best regards, Julian