[OAUTH-WG] draft-ietf-oauth-revocation-04

Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 11 January 2013 08:18 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 007C621F8A50 for <oauth@ietfa.amsl.com>; Fri, 11 Jan 2013 00:18:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.52
X-Spam-Level:
X-Spam-Status: No, score=-102.52 tagged_above=-999 required=5 tests=[AWL=0.079, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FjUDFCt7c7Nd for <oauth@ietfa.amsl.com>; Fri, 11 Jan 2013 00:18:16 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by ietfa.amsl.com (Postfix) with ESMTP id 98EAD21F8A08 for <oauth@ietf.org>; Fri, 11 Jan 2013 00:18:15 -0800 (PST)
Received: from mailout-de.gmx.net ([10.1.76.17]) by mrigmx.server.lan (mrigmx001) with ESMTP (Nemesis) id 0MOV9X-1Twckt2Ylx-005uS7 for <oauth@ietf.org>; Fri, 11 Jan 2013 09:18:14 +0100
Received: (qmail invoked by alias); 11 Jan 2013 08:18:14 -0000
Received: from a88-115-219-140.elisa-laajakaista.fi (EHLO [192.168.100.107]) [88.115.219.140] by mail.gmx.net (mp017) with SMTP; 11 Jan 2013 09:18:14 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX18l9F0Q3e0l/ISfW8S/q3Bxbvr37tqwjFrYeu68Jp gb+Q/bfS33LOsv
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Fri, 11 Jan 2013 10:18:13 +0200
Message-Id: <8B2E9343-A46D-4218-B771-CF4A72AE7E94@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1085)
X-Mailer: Apple Mail (2.1085)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] draft-ietf-oauth-revocation-04
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jan 2013 08:18:17 -0000

Thank you Torsten for updating the document. 

Two issues have been raised:

1) Terminology: Authorization vs. access grant vs. authorization grant

There is a little bit of email exchange on that topic:
http://www.ietf.org/mail-archive/web/oauth/current/msg10426.html

I personally don't have an opinion on the terminology in this case. 

2) invalid_token error code

As mentioned on the list, a new error code has to be registered (which is not a big deal). Re-using an error code with different semantic is of course confusing. 

Re-using an already defined error code and to provide additional text in the error_description is fine as long as the description relates to the originally defined error description. In the case of the invalid_request error code RFC 6749 defines it as 

   invalid_request
               The request is missing a required parameter, includes an
               invalid parameter value, includes a parameter more than
               once, or is otherwise malformed.

and RFC 6750 says:

   invalid_request
         The request is missing a required parameter, includes an
         unsupported parameter or parameter value, repeats the same
         parameter, uses more than one method for including an access
         token, or is otherwise malformed.  The resource server SHOULD
         respond with the HTTP 400 (Bad Request) status code.

Let us know how you want to proceed on these two issues. 

Ciao
Hannes