Re: [OAUTH-WG] double normative? (draft-ietf-oauth-assertions WGLC comment V)

Brian Campbell <bcampbell@pingidentity.com> Wed, 25 April 2012 14:04 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD54821F86E0 for <oauth@ietfa.amsl.com>; Wed, 25 Apr 2012 07:04:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.94
X-Spam-Level:
X-Spam-Status: No, score=-5.94 tagged_above=-999 required=5 tests=[AWL=0.037, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FLJDHEBxwvhD for <oauth@ietfa.amsl.com>; Wed, 25 Apr 2012 07:04:27 -0700 (PDT)
Received: from na3sys009aog121.obsmtp.com (na3sys009aog121.obsmtp.com [74.125.149.145]) by ietfa.amsl.com (Postfix) with ESMTP id 373A121F86DA for <oauth@ietf.org>; Wed, 25 Apr 2012 07:04:27 -0700 (PDT)
Received: from mail-vb0-f54.google.com ([209.85.212.54]) (using TLSv1) by na3sys009aob121.postini.com ([74.125.148.12]) with SMTP ID DSNKT5gEag6+BO/pIv+FOLKZxsVwIh2dl9na@postini.com; Wed, 25 Apr 2012 07:04:27 PDT
Received: by vbmv11 with SMTP id v11so110496vbm.27 for <oauth@ietf.org>; Wed, 25 Apr 2012 07:04:25 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding:x-gm-message-state; bh=Qfk8QrhOUORtAsYdhhgIRK13tcyvwld2U0eiY9KAZio=; b=KDUiwZeN+jdPIJTTbAu01QBmM+9cKFJZayDMM5V5+JiPDBK8rW0hU9WcLgHkuuTfE4 tFyFB/De7U3DQXq2ZiXNrbnt95kh8m91CoxnYwyfREeegx8y/d4TVFGvMvHmHS2iECkg jFXVjHe1adm8mTDN9jtYYPFLqA/UDJTxJMCfc6cEax/TWtsf4TZYeaZD7ZQCVzSmHohe qEUZ6l5UvOAh+8uOZN2T/Ksvq9z7OZmw1QSjmkjxfYVmmckicKcxVFCj8xZWIDGHodw8 gvGIJQwt6wlBOcjLkWoH5ZeU9ubv/gEdy6pVylxJccusN5Na/ndX6xs5zxVMsZjDRHvu 7MsA==
Received: by 10.52.65.69 with SMTP id v5mr2266542vds.14.1335362665417; Wed, 25 Apr 2012 07:04:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.38.104 with HTTP; Wed, 25 Apr 2012 07:03:55 -0700 (PDT)
In-Reply-To: <CA+k3eCTRVQKuyLJ3Koo42ZEJcpeRioRPT6uWYPJ-jTOS5wuf_Q@mail.gmail.com>
References: <CA+k3eCTRVQKuyLJ3Koo42ZEJcpeRioRPT6uWYPJ-jTOS5wuf_Q@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 25 Apr 2012 08:03:55 -0600
Message-ID: <CA+k3eCRudhZ8D9+7Y4h+3piUNEJxrJZHr7hg5kiuUB4GbHSMHw@mail.gmail.com>
To: oauth <oauth@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQkRPr411ExvL6pAKU8gyf+3Apuw4QF9HNfa56hSJa7e3pFRaQYZaAKsXrV4v104wp0JVtOx
Subject: Re: [OAUTH-WG] double normative? (draft-ietf-oauth-assertions WGLC comment V)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Apr 2012 14:04:29 -0000

I just noticed that there is a similar situation in §4.1* and 4.2**
where there's a MUST before defining the HTTP parameters but some of
the individual parameters are marked as OPTIONAL.

The MUST should probably be dropped.

* http://tools.ietf.org/html/draft-ietf-oauth-assertions-01#section-4.1
** http://tools.ietf.org/html/draft-ietf-oauth-assertions-01#section-4.2



On Mon, Apr 23, 2012 at 3:26 PM, Brian Campbell
<bcampbell@pingidentity.com> wrote:
> Sections 6.1, 6.2, 6.3 and 6.4 of
> http://tools.ietf.org/html/draft-ietf-oauth-assertions-01 are all similar in
> that they have a paragraph at the top that ends with, "The following format
> and processing rules SHOULD be applied:" followed by a bullet list of
> specific rules. However some of the individual bullets themselves have
> normative language including several that have a MUST. On rereading the
> draft today, I found this to be a little confusing. I mean, what does it
> mean to say that you SHOULD MUST do something? At a minimum, it seems like
> kind of bad form. I'm thinking that the lead in text before each list should
> just say something like "The following format and processing rules are to be
> applied:" to avoid any potential logical conflict between the normative
> terms. But depending on how the previous text was interpreted, that could be
> considered a breaking change? That might be okay though as this is just an
> abstract specification. Any thoughts?