Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-bearer-15.txt> (The
Martin Rex <mrex@sap.com> Wed, 25 January 2012 00:29 UTC
Return-Path: <mrex@sap.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5D9321F8541; Tue, 24 Jan 2012 16:29:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.142
X-Spam-Level:
X-Spam-Status: No, score=-10.142 tagged_above=-999 required=5 tests=[AWL=0.107, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B-3N9UoA9xT9; Tue, 24 Jan 2012 16:29:00 -0800 (PST)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id 24CAD21F8540; Tue, 24 Jan 2012 16:28:59 -0800 (PST)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id q0P0Swgv023555 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 25 Jan 2012 01:28:58 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <201201250028.q0P0SwiS000165@fs4113.wdf.sap.corp>
To: Michael.Jones@microsoft.com
Date: Wed, 25 Jan 2012 01:28:58 +0100
In-Reply-To: <4E1F6AAD24975D4BA5B168042967394366380094@TK5EX14MBXC284.redmond.corp.microsoft.com> from "Mike Jones" at Jan 25, 12 00:03:15 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
X-Mailman-Approved-At: Wed, 25 Jan 2012 05:27:14 -0800
Cc: oauth@ietf.org, ietf@ietf.org, iesg@ietf.org
Subject: Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-bearer-15.txt> (The
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jan 2012 00:29:01 -0000
Mike Jones wrote: > > Per the discussion at > http://www.ietf.org/mail-archive/web/oauth/current/msg08040.html, > the working group's rationale for supporting quoted-string but > not token syntax for these parameters, and for requiring that > backslash ('\') quoting not be used when producing them [...] I'm slightly confused... Instead of inappropriately re-specifying the WWW-Authenticate:, how about referencing the original specification an rules, and then add your desired requirements for *creation* of the contents on top of that, so that oauth-bearer can permit recipients to reject stuff that doesn't fit the additional "send-requirements" when processing the request. I would assume that pretty much all authentication schemes will effectively require subsetting of what can be conveyed to what they can parse, and further subset this to what they can successfully verify, and reject everything else -- without having to rewrite the WWW-Authenticate syntax. -Martin
- [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-bearer… The IESG
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Julian Reschke
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Mike Jones
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Julian Reschke
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Mark Nottingham
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Mike Jones
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Julian Reschke
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Mike Jones
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Mike Jones
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Mike Jones
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Mike Jones
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Julian Reschke
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Mike Jones
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Mike Jones
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Eran Hammer
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Julian Reschke
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Mike Jones
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Martin Rex
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Bjoern Hoehrmann
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Martin Rex
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Justin Richer
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Eran Hammer
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Eran Hammer
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… John Bradley
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… William Mills
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Peter Saint-Andre
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… John Bradley
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Eran Hammer
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… John Bradley
- Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-be… Eran Hammer