IETF Logo Mail Archive

Re: [OAUTH-WG] Possible alternative resolution to issue 26

Buhake Sindi <buhake@googlemail.com> Fri, 30 September 2011 12:00 UTC

Return-Path: <buhake@googlemail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58A4521F8B3C for <oauth@ietfa.amsl.com>; Fri, 30 Sep 2011 05:00:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.976
X-Spam-Level:
X-Spam-Status: No, score=-2.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id InHVKkY-31C0 for <oauth@ietfa.amsl.com>; Fri, 30 Sep 2011 05:00:57 -0700 (PDT)
Received: from mail-fx0-f44.google.com (mail-fx0-f44.google.com [209.85.161.44]) by ietfa.amsl.com (Postfix) with ESMTP id 0E48921F8B3A for <oauth@ietf.org>; Fri, 30 Sep 2011 05:00:56 -0700 (PDT)
Received: by fxd18 with SMTP id 18so3105373fxd.31 for <oauth@ietf.org>; Fri, 30 Sep 2011 05:03:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=sBR7wZRFX0OV/UJUUdxFr7Q2jp8fb+5baZFUTcWFYpQ=; b=i+op2B5QGWJTzA6V2Z7DsANZvXo4cIlFBdJkxt7rfa2bBHaJwAW/kUqchgnFF/nsZm 719cZd4jrL1J5YnDaNHvxKT+tXVirBRcFUICoPwWE+1K2dJWP0K6wkRiY4dXruCvq0ef v6zL40UXfmjDSpBDZnhUBHZZfekMeRT0r68xI=
Received: by 10.223.56.67 with SMTP id x3mr12875050fag.64.1317384230313; Fri, 30 Sep 2011 05:03:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.152.24.98 with HTTP; Fri, 30 Sep 2011 05:03:30 -0700 (PDT)
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739435C21DD2C@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739435C21DD2C@TK5EX14MBXC284.redmond.corp.microsoft.com>
From: Buhake Sindi <buhake@googlemail.com>
Date: Fri, 30 Sep 2011 14:03:30 +0200
Message-ID: <CABUp4f73a3zJ9Vu510-JmaGP4N4v1_thkzV5GLYS+ivh7NJfBA@mail.gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary="001517448904149f6004ae276b52"
X-Mailman-Approved-At: Fri, 30 Sep 2011 06:07:51 -0700
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Possible alternative resolution to issue 26
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2011 12:09:14 -0000

Hi everyone,

As for encoding, my understanding is that the scope parameter were scope
fields provided by the service provider and that scope should match the
service provider scope. Fair enough, we could argue that non-UTF-8
characters can't be sent over HTTP response headers, so a better solution, I
would suggest is illustrated in section 4.2, Error Handling, of RFC 5987.

My solution: add an encoding as a value of the scope and error-desc,
followed by a colon (:) and then the percentage-encoded message.

So, the message, is first encoded to the encoding specified, and then
percentage-encoded:

Example:

error-descr="UTF-8: <percentage-encoded of an UTF-8 message>"

The client would then:

   1. Percentage decode the string and get the string based on the encoding.

Problem is though, the length of the string value.


Any thoughts?

On 29 September 2011 20:52, Mike Jones <Michael.Jones@microsoft.com> wrote:

>  There seems to now be more working group interest in representing
> non-ASCII characters in scope strings than had previously been in evidence.
> If we decide to define a standard representation for doing so, using RFC
> 5987 <http://tools.ietf.org/html/rfc5987> (Character Set and Language
> Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters)
> seems to be the clear choice.  I’d be interested in knowing how many working
> group members are in favor of either:****
>
> ** **
>
> 1.  Using RFC 5987 encoding for the scope parameter.****
>
> 2.  Continuing to specify no non-ASCII encoding for scope parameter values.
> ****
>
> ** **
>
> As a related issue, some working group members have objected to specifying
> UTF-8 encoding of the error_description value, requesting the use of RFC
> 5987 encoding instead.  I’d also be interested in knowing how many working
> group members are in favor of either:****
>
> ** **
>
> A.  Using RFC 5987 encoding for the error_description parameter.****
>
> B.  Continuing to specify UTF-8 encoding for the error_description
> parameter.****
>
> ** **
>
> (As editor, I would make the observation that if we choose RFC 5987
> encoding for either of these parameters, it would be logical to do so for
> the other one as well.)****
>
> ** **
>
> In the interest of finishing the specification in a way that meets
> everyone’s needs,****
>
>                                                             -- Mike****
>
> ** **
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>


-- 
The Elite Gentleman

v2.23.0 | Report a Bug | By Email