Re: [OAUTH-WG] OAuth ABNF

Julian Reschke <julian.reschke@gmx.de> Wed, 25 April 2012 12:45 UTC

Return-Path: <julian.reschke@gmx.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AA5121F855A for <oauth@ietfa.amsl.com>; Wed, 25 Apr 2012 05:45:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.84
X-Spam-Level:
X-Spam-Status: No, score=-101.84 tagged_above=-999 required=5 tests=[AWL=0.759, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F2hOrUftCaZc for <oauth@ietfa.amsl.com>; Wed, 25 Apr 2012 05:45:57 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 1B96921F8608 for <oauth@ietf.org>; Wed, 25 Apr 2012 05:45:56 -0700 (PDT)
Received: (qmail invoked by alias); 25 Apr 2012 12:45:55 -0000
Received: from unknown (EHLO [42.1.3.81]) [192.147.117.12] by mail.gmx.net (mp027) with SMTP; 25 Apr 2012 14:45:55 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX1+jqhIM/nejLueqGCTUNXegf3NPZzI7wXZ1EzsvWs 3dMYTkSDvugp5x
Message-ID: <4F97F202.6070100@gmx.de>
Date: Wed, 25 Apr 2012 14:45:54 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120420 Thunderbird/12.0
MIME-Version: 1.0
To: Eran Hammer <eran@hueniverse.com>
References: <0CBAEB56DDB3A140BA8E8C124C04ECA2FFB23D@P3PWEX2MB008.ex2.secureserver.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA2FFB23D@P3PWEX2MB008.ex2.secureserver.net>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org WG \(oauth@ietf.org\)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth ABNF
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Apr 2012 12:45:58 -0000

On 2012-04-23 23:19, Eran Hammer wrote:
> During the IESG review of draft-ietf-oauth-v2, Sean Turner raised the
> following DISCUSS item (meaning, the specification is blocked until this
> is resolved):
>
>  > 0) General: I found the lack of ABNF somewhat disconcerting in that
>
>  > implementers would have to hunt through the spec to figure out all the
>
>  > values of a given field. For example grant_type has different values
> based
>
>  > on the different kind of access_token requests - four to be more
> precise -
>
>  > but there's no ABNF for the field. There are many examples of
>
>  > this. It would greatly aid implementers if a) the ABNF for all fields
>
>  > were included in the draft and b) all the ABNF was collected in one
> place. I
>
>  > had individual discusses for each field that had missing ABNF, but it
> was
>
>  > getting out of hand so I'm just going to do this one general discuss
> on this
>
>  > topic.
>
> I don’t have the time to prepare such text. Can someone volunteer to
> submit this text to the WG for review?

Putting values in the ABNF makes only sense if and only of the set of 
values is hardwired, so there's no extension point. Otherwise it's 
misleading, because it will lead to fragile parser implementations.

WRT collected ABNF: this can be generated automatically, you may want to 
have a look at 
<http://trac.tools.ietf.org/wg/httpbis/trac/browser/draft-ietf-httpbis/latest/Makefile>.

Best regards, Julian