Re: [OAUTH-WG] Error Encoding: Conclusion

Mike Jones <Michael.Jones@microsoft.com> Thu, 24 May 2012 05:23 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Eran Hammer <eran@hueniverse.com>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Error Encoding: Conclusion
Date: Thu, 24 May 2012 05:22:46 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net>
In-Reply-To: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net>
Subject: Re: [OAUTH-WG] Error Encoding: Conclusion

Thanks Hannes.  In the interest of hopefully completing the edits to remove the DISCUSS issues for the Bearer and Core specs in the next few days so that we can send the docs to the RFC editors, I'd like to propose specific language for the Core spec to address both of the consensus call issue resolutions.  After there's consensus on the specific text for Core, it will be easy for us to add a reference in Bearer to the language in Core for the error syntax restrictions and to use the OAuth errors registry.  I'll do that in parallel with the discussions on the proposed core language changes.



A summary of the changes I made in response to the consensus call conclusions is:

* Add syntax restrictions for "error", "error_description", and "error_uri" from Bearer to Core
* Add section 7.2 about error responses from resource access requests
* Add "resource access error response" to the category of OAuth errors that can be registered



Additional editorial changes that I made as I encountered issues in the document were:

* Updated out of date references, especially the draft-hardt-oauth-01 reference, which contained an invalid link
* Added Derek Atkins to the list of chairs
* Added Yaron Goland's middle initial Y. (since he prefers to include it in publications)
* Replaced use of the deprecated <appendix> element, which prevented the spec from building with strict checking, with a <section> element in the <back> section (which creates an appendix)



To make it easy to incorporate these changes into the document and so the proposed changes are unambiguous, I produced an edited version of Core -26 containing these changes.  The xml, txt, and html versions are attached to facilitate review.  Pertinent diffs from the .txt version follow.



Cheers,

-- Mike



683c683,684

<    notation of [RFC5234].

---

>    notation of [RFC5234].  Additionally, the rule URI-Reference is

>    included from Uniform Resource Identifier (URI) [RFC3986].

1441c1441,1442

<          REQUIRED.  A single error code from the following:

---

>          REQUIRED.  A single ASCII [USASCII] error code from the

>          following:

1474a1475,1476

>          Values for the "error" parameter MUST NOT include characters

>          outside the set %x20-21 / %x23-5B / %x5D-7E.
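Review bot: the permitted set %x20-21 / %x23-5B / %x5D-7E for "error" admits a space (%x20) inside a value that the preceding hunk defines as "a single ASCII error code from the following" enumeration; if the intent is to share one character rule with "error_description" (whose set is identical later in this patch), say so explicitly, otherwise the space-free set used for "error_uri" (%x21 / %x23-5B / %x5D-7E) fits a single code better. It is also worth stating the rationale in the text: the two excluded characters, %x22 (") and %x5C (\), are exactly the ones that break quoted-string framing when these values are carried in a WWW-Authenticate header, so implementers know what the check is protecting.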

1476c1478

<          OPTIONAL.  A human-readable UTF-8 encoded text providing

---

>          OPTIONAL.  A human-readable ASCII [USASCII] text providing

1478a1481,1482

>          Values for the "error_description" parameter MUST NOT include

>          characters outside the set %x20-21 / %x23-5B / %x5D-7E.
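Review bot: the preceding hunk changes "error_description" from "UTF-8 encoded" to "ASCII [USASCII]", so localized descriptions that were conformant under -26 become non-conformant, and the set pinned here makes the restriction precise. Suggest adding one sentence that the parameter is intended for developer-facing diagnostics rather than end-user display, so that implementers neither route it into a localized UI nor treat its absence of non-ASCII text as a surprise.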

1482a1487,1489

>          Values for the "error_uri" parameter MUST conform to the URI-

>          Reference syntax, and thus MUST NOT include characters outside

>          the set %x21 / %x23-5B / %x5D-7E.
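Review bot: "and thus" is only a one-way implication here. The set %x21 / %x23-5B / %x5D-7E still contains characters that URI-Reference never admits (for example %x3C <, %x3E >, %x5E ^, %x60 `, %x7B {, %x7C |, %x7D }), so a value can satisfy the listed set and still violate the MUST on URI-Reference syntax. Suggest phrasing the second clause as a consequence ("which in particular means it MUST NOT include characters outside ...") and stating that implementations validate against the URI-Reference rule imported at the top of this patch, not only against the character set.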

1840c1840,1841

<          REQUIRED.  A single error code from the following:

---

>          REQUIRED.  A single ASCII [USASCII] error code from the

>          following:

1873a1874,1875

>          Values for the "error" parameter MUST NOT include characters

>          outside the set %x20-21 / %x23-5B / %x5D-7E.

1875c1877

<          OPTIONAL.  A human-readable UTF-8 encoded text providing

---

>          OPTIONAL.  A human-readable ASCII [USASCII] text providing

1877a1880,1881

>          Values for the "error_description" parameter MUST NOT include

>          characters outside the set %x20-21 / %x23-5B / %x5D-7E.

1881a1886,1888

>          Values for the "error_uri" parameter MUST conform to the URI-

>          Reference syntax, and thus MUST NOT include characters outside

>          the set %x21 / %x23-5B / %x5D-7E.

<          REQUIRED.  A single error code from the following:

---

>          REQUIRED.  A single ASCII [USASCII] error code from the

>          following:
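Review bot: this hunk has no range-header line (every other hunk is preceded by one such as "1840c1840,1841"), so the diff stops being applicable with patch(1) at this point; please restore the header for this "error"/REQUIRED change before the text is folded into the xml.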

2325a2326,2327

>          Values for the "error" parameter MUST NOT include characters

>          outside the set %x20-21 / %x23-5B / %x5D-7E.

2327c2329

<          OPTIONAL.  A human-readable UTF-8 encoded text providing

---

>          OPTIONAL.  A human-readable ASCII [USASCII] text providing

2329a2332,2333

>          Values for the "error_description" parameter MUST NOT include

>          characters outside the set %x20-21 / %x23-5B / %x5D-7E.

2333a2338,2340

>          Values for the "error_uri" parameter MUST conform to the URI-

>          Reference syntax, and thus MUST NOT include characters outside

>          the set %x21 / %x23-5B / %x5D-7E.

2450c2460,2468

<    The method in which the client utilized the access token to

---

>    The method in which the client utilizes the access token to
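Review bot: the header "2450c2460,2468" announces nine replacement lines but only one ">" line follows, so either the header is wrong or the replacement text was cut when pasting; the one visible change (utilized -> utilizes) is fine on its own, but the attached .txt should be checked for what the other eight lines contain.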

2479c2489

<      Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw

---

>      Authorization: Bearer mF_9.B5f-4.1JqM

2503a2514,2533

>

> 7.2.  Error Response

>

>    If a resource access request fails, the resource server SHOULD inform

>    the client of the error.  While the specific error responses possible

>    and methods for transmitting those errors when using any particular

>    access token type are beyond the scope of this specification, any

>    error codes defined for use with OAuth resource access methods MUST

>    be registered (following the procedures in Section 11.4).

>

>
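Review bot: the new section 7.2 mandates registration of resource-access error codes but says nothing about their syntax, while the cover note says the Bearer spec will point at Core for the syntax restrictions; suggest a sentence here stating that such error codes, and any accompanying description or URI, follow the same character rules as the "error", "error_description" and "error_uri" parameters, so that all three response types register codes with one syntax. The header "2503a2514,2533" also announces twenty added lines, more than are shown, so please compare the pasted text with the attached .txt.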

2602,2603c2624,2626

<    (Section 4.2.2.1), or the token error response (Section 5.2), such

<    error codes MAY be defined.

---

>    (Section 4.2.2.1), the token error response (Section 5.2), or the

>    resource access error response (Section 7.2), such error codes MAY be

>    defined.

3444c3484,3485

<       (Section 4.2.2.1), or token error response (Section 5.2).

---

>       (Section 4.2.2.1), token error response (Section 5.2), or resource

>       access error response (Section 7.2).

3596a3554,3557

>    [USASCII]  American National Standards Institute, "Coded Character

>               Set -- 7-bit American Standard Code for Information

>               Interchange", ANSI X3.4, 1986.

>
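Review bot: [USASCII] is cited from REQUIRED/MUST-level text in the error definitions above, so the entry belongs among the normative references; the hunk does not show which reference section new line 3554 falls in, so please confirm it is not placed under the informative references.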

3611,3612c3572,3573

<               OAuth 2.0", draft-ietf-oauth-saml2-bearer-08 (work in

<               progress), August 2011.

---

>               OAuth 2.0", draft-ietf-oauth-saml2-bearer-12 (work in

>               progress), May 2012.

3616,3617c3577,3579

<               Protocol: Bearer Tokens", draft-ietf-oauth-v2-bearer-08

<               (work in progress), July 2011.

---

>               Authorization Protocol: Bearer Tokens",

>               draft-ietf-oauth-v2-bearer-19 (work in progress),

>               April 2012.

3620,3623c3589,3591

<               Hammer-Lahav, E., Barth, A., and B. Adida, "HTTP

<               Authentication: MAC Access Authentication",

<               draft-ietf-oauth-v2-http-mac-00 (work in progress),

<               May 2011.

---

>               Hammer-Lahav, E., "HTTP Authentication: MAC Access

>               Authentication", draft-ietf-oauth-v2-http-mac-01 (work in

>               progress), February 2012.

3626c3594

<               Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0

---

>               McGloin, M., Hunt, P., and T. Lodderstedt, "OAuth 2.0

3628,3629c3596,3597

<               draft-ietf-oauth-v2-threatmodel-00 (work in progress),

<               July 2011.

---

>               draft-ietf-oauth-v2-threatmodel-02 (work in progress),

>               February 2012.

3468,3546d3503

<    Brian Eaton, Yaron Goland, Dick Hardt, and Allen Tom.

3639c3609,3639

>    Brian Eaton, Yaron Y. Goland, Dick Hardt, and Allen Tom.

3468,3546d3503

<    Yaron Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,

3644,3645c3644,3656

>    Yaron Y. Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,

3468,3546d3503

<    This document was produced under the chairmanship of Blaine Cook,

<    Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba.  The area

<    directors included Lisa Dusseault, Peter Saint-Andre, and Stephen

<    Farrell.
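Review bot: the hunk headers in this acknowledgements region are inconsistent and cannot be applied mechanically: "3468,3546d3503" appears three times (each announcing a 79-line deletion but followed by one or four "<" lines), and "3639c3609,3639" and "3644,3645c3644,3656" replace one or two lines with 31 and 13 lines respectively while showing a single ">" line each. The intended edits (adding "Y." to Yaron Goland's name and Derek Atkins to the chair list) match the editorial bullets in the cover note, so the attached xml rather than this diff should be treated as the authoritative source for this part.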

3646a3658,3661

>    This document was produced under the chairmanship of Blaine Cook,

>    Peter Saint-Andre, Hannes Tschofenig, Barry Leiba, and Derek Atkins.

>    The area directors included Lisa Dusseault, Peter Saint-Andre, and

>    Stephen Farrell.
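An added check, not part of the draft or of this message: it validates a parsed error response against the three character rules the diff introduces, and additionally tests the URI-Reference rule for "error_uri", which is stricter than its listed set (the constructed value https://example.com/errors/{scope} below passes the set but is not a URI-Reference). The sample responses and the is_uri_reference approximation (RFC 3986 character classes, a single "#", and a scheme check) are my own constructions, not the spec's ABNF.

```python
import re

# Character sets as added to Core -26 by the diff (hex ranges copied from it).
NQSCHAR_RE = re.compile(r"\A[\x20-\x21\x23-\x5B\x5D-\x7E]*\Z")  # error, error_description
NQCHAR_RE = re.compile(r"\A[\x21\x23-\x5B\x5D-\x7E]*\Z")        # error_uri (no space)
# RFC 3986 character classes (unreserved, gen-delims, sub-delims, pct-encoded)
# and the scheme rule: a character-level check, not the full URI ABNF.
URI_CHARS_RE = re.compile(r"\A(?:[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=]|%[0-9A-Fa-f]{2})*\Z")
SCHEME_RE = re.compile(r"\A[A-Za-z][A-Za-z0-9+\-.]*\Z")


def is_uri_reference(value):
    """Approximate RFC 3986 URI-Reference test (character classes, one '#',
    and ':' in the first segment only after a syntactically valid scheme)."""
    if not URI_CHARS_RE.match(value) or value.count("#") > 1:
        return False
    head = re.split(r"[/?#]", value, maxsplit=1)[0]  # text before any '/', '?', '#'
    return ":" not in head or bool(SCHEME_RE.match(head.split(":", 1)[0]))


def check_error_response(params):
    """Return the rule violations for one parsed error response (dict of
    parameter name -> value); an empty list means it conforms."""
    problems = []
    error = params.get("error")
    if not error:
        problems.append("error: REQUIRED parameter missing")
    elif not NQSCHAR_RE.match(error):
        problems.append("error: characters outside %x20-21 / %x23-5B / %x5D-7E")
    desc = params.get("error_description")
    if desc is not None and not NQSCHAR_RE.match(desc):
        problems.append("error_description: characters outside %x20-21 / %x23-5B / %x5D-7E")
    uri = params.get("error_uri")
    if uri is not None:
        if not NQCHAR_RE.match(uri):
            problems.append("error_uri: characters outside %x21 / %x23-5B / %x5D-7E")
        elif not is_uri_reference(uri):  # the set is wider than URI-Reference
            problems.append("error_uri: not a URI-Reference (RFC 3986)")
    return problems


# Constructed sample responses (not taken from the draft).
GOOD = {"error": "invalid_request", "error_description": "Missing parameter.",
        "error_uri": "https://example.com/docs/errors#invalid_request"}
BAD_QUOTE = {"error": "invalid_request", "error_description": 'Missing "client_id"'}  # %x22
BAD_UTF8 = {"error": "invalid_client", "error_description": "Ung\u00fcltiger Client"}  # non-ASCII
BAD_URI = {"error": "invalid_scope", "error_uri": "https://example.com/errors/{scope}"}  # '{' passes the set
```

Running check_error_response over the four samples reports no problems for GOOD and exactly one violation for each of the other three.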



-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Wednesday, May 23, 2012 11:27 AM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] Error Encoding: Conclusion



Hi all,



On May 10th we called for consensus on an open issue regarding the error encoding. Here is the link to the call:

http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html



Thank you all for the feedback. The conclusion of the consensus call was to harmonize the encoding between the two specifications by incorporating the restrictions from the bearer specification into the base specification. The error encoding will go into the core specification and the bearer specification will reference it.



Ciao

Hannes & Derek


