[OAUTH-WG] ABNF Re: Error Encoding: Conclusion
William Mills <wmills@yahoo-inc.com> Fri, 01 June 2012 04:31 UTC
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AA8D11E80A6 for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 21:31:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.598
X-Spam-Level:
X-Spam-Status: No, score=-17.598 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vM82tNiQ8lik for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 21:31:40 -0700 (PDT)
Received: from nm2-vm0.bullet.mail.ne1.yahoo.com (nm2-vm0.bullet.mail.ne1.yahoo.com [98.138.91.39]) by ietfa.amsl.com (Postfix) with SMTP id 9505911E8086 for <oauth@ietf.org>; Thu, 31 May 2012 21:31:31 -0700 (PDT)
Received: from [98.138.90.52] by nm2.bullet.mail.ne1.yahoo.com with NNFMP; 01 Jun 2012 04:31:28 -0000
Received: from [98.138.89.192] by tm5.bullet.mail.ne1.yahoo.com with NNFMP; 01 Jun 2012 04:31:27 -0000
Received: from [127.0.0.1] by omp1050.mail.ne1.yahoo.com with NNFMP; 01 Jun 2012 04:31:27 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 980615.76576.bm@omp1050.mail.ne1.yahoo.com
Received: (qmail 69359 invoked by uid 60001); 1 Jun 2012 04:31:27 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1338525087; bh=lELxrWG2Oo78ftZsFc7PGlHjMX+E9XOAgsxtx6VziQM=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=Rb7/EV0szUcYniD+OOiotGIy7XjkQFCCkP1bO/0yZ4Pt7NmEcKynhS6/aLFKpPhFMXmm5uADRNm6cbsfIaPS9UhEQgDxwOuEmDyMzMTva/p22oDWvmAobRTPndVRlunYhhwdH8D9XxdqSL/X0wTQPB6Gn9xEPGtc684+VEkVz4s=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=Gpez4UpMhrstg7O36GoIvYpbaX5O8B+a5HwFDFJyG/Qm+IubUEE4LYgFhmHntgrE7EwoHtlSJ6RVoWmV7/WiTX5zYY0fid4dcTdFjdqF65Y5SvVk+IkOwV7FhD9z2Gvo1eWkqFVZs/MsmV0kPsq6q9+TXITZmJwT8Rls1zEINNM=;
X-YMail-OSG: t6BSPOwVM1n9fA32Yr9Mp2g0YxE0eoeyn6.doAPoTIrUzcX ZW7g2IeqxKc2q0gEW1YV6TU.AA8lLT.S3kOvLjB51qGQm9AnxRKhKjwkw2vJ OTswKFVC_5Bj1Y_IQg1Zg6pTzuT_I1epz.4TXK52COVqqJ1rBQ9ZT6RBjTgs rMGqfMUi1MWEkfgO3SvkL.caSFACf3DYHDQT9qmSc42CAxdsgYN48QXy7FS3 T5_Stgn65BxYcKSxZljrylifVMDWWu_FkMlKLfGSbfoPcL1eiyyjpdNDYz6e WlOclZlgpQoi7JzBx5p_WEJ6qbN9aFxafy0QK4ZTmyzBGrzPbwy7SYF92MZg FVUd3bWamScRUoQze6M.VTzr1zohJJQlnwa02oqsyuXP12v0pCBXYi.SaGMS qs8A7EX8X6N2zehvVmlVmYyuQh5lAirA-
Received: from [99.31.212.42] by web31813.mail.mud.yahoo.com via HTTP; Thu, 31 May 2012 21:31:27 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net> <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAB_mRgMumU5qzEJF0KCWNCx+R4MAzVawiJGKj2YBpJFzrxkomQ@mail.gmail.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436651E440@TK5EX14MBXC284.redmond.corp.microsoft.com> <C306A031-C2F0-4912-8341-312DFF4973BD@gmx.net> <869336FE-0265-4982-B9DE-E2FAE06CD545@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA20105888A@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436652221D@TK5EX14MBXC284.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA2010597A3@P3PWEX2MB008.ex2.secureserver.net>
Message-ID: <1338525087.63468.YahooMailNeo@web31813.mail.mud.yahoo.com>
Date: Thu, 31 May 2012 21:31:27 -0700
From: William Mills <wmills@yahoo-inc.com>
To: Eran Hammer <eran@hueniverse.com>, Mike Jones <Michael.Jones@microsoft.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA2010597A3@P3PWEX2MB008.ex2.secureserver.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="767760015-360248941-1338525087=:63468"
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: [OAUTH-WG] ABNF Re: Error Encoding: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jun 2012 04:31:43 -0000
The current OAuth core spec section 8.5 has: error-code = ALPHA *error-char error-char = "-" / "." / "_" / DIGIT / ALPHA Mike's proposal would nominally be: error-code = *error-char error-char = %x20-21 / %x23-5B / %x5D-7E This is the set of ASCII characters from SPACE to '~' excluding '\' and '"'. I'm not in love with that, but it's clear. I'd prefer: error-code = ALPHA *error-char error-char = %x20-21 / %x23-5B / %x5D-7E -bill >________________________________ > From: Eran Hammer <eran@hueniverse.com> >To: Mike Jones <Michael.Jones@microsoft.com>; Hannes Tschofenig <hannes.tschofenig@gmx.net> >Cc: "oauth@ietf.org WG" <oauth@ietf.org> >Sent: Thursday, May 31, 2012 7:47 PM >Subject: Re: [OAUTH-WG] Error Encoding: Conclusion > > > >> -----Original Message----- >> From: Mike Jones [mailto:Michael.Jones@microsoft.com] >> Sent: Thursday, May 31, 2012 1:53 PM >> To: Eran Hammer; Hannes Tschofenig >> Cc: oauth@ietf.org WG >> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion >> >> Actually, could you please publish before the ABNF is done so that I can >> publish a version of Bearer referencing the new text in Core, so it can be >> reviewed by the WG in parallel with the ABNF work happening? I think that >> was Hannes' intent in asking you to publish soon. > >I'll review the text and will reply back as to publishing schedule. > >> Version numbers are >> cheap... > >My time isn't. > >EH > >> Thanks, >> -- Mike >> >> -----Original Message----- >> From: Eran Hammer [mailto:eran@hueniverse.com] >> Sent: Thursday, May 31, 2012 12:35 PM >> To: Hannes Tschofenig >> Cc: Mike Jones; oauth@ietf.org WG >> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion >> >> I'll first review the proposed text (as a WG member) and raise any issues >> remaining (if any). >> >> I will wait until the ABNF text is provided before publishing another version. >> >> EH >> >> > -----Original Message----- >> > From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net] >> > Sent: Thursday, May 31, 2012 10:54 AM >> > To: Eran Hammer >> > Cc: Mike Jones; oauth@ietf.org WG; Hannes Tschofenig >> > Subject: Re: [OAUTH-WG] Error Encoding: Conclusion >> > >> > Eran, could you publish a new draft version by Sunday with these >> > changes incorporated? That should give the working group enough time >> > to look at these few paragraphs. >> > >> > In the meanwhile we are working on addressing the ABNF issue Sean >> > raised and we will then go for another update. >> > >> > Ciao >> > Hannes >> > >> > On May 31, 2012, at 8:20 PM, Hannes Tschofenig wrote: >> > >> > > Hi Mike, >> > > >> > > thank you for compiling the text. It looks good to me. I have not >> > > seen >> > anyone from the working group screaming either. >> > > >> > > Eran, can you incorporate these changes into the next draft version? >> > > >> > > Ciao >> > > Hannes >> > > >> > > On May 30, 2012, at 2:10 AM, Mike Jones wrote: >> > > >> > >> I've made another set of updates to a copy of Core -26 to address >> > >> the >> > questions raised by Eran and David below (attached). >> > >> >> > >> An unrelated change that you should probably pick up, Eran is >> > >> adding this >> > to the <front> section, so that the heading shows that the draft is a >> > product of the "OAuth Working Group" rather than the "Network Working >> Group": >> > >> <area>Security</area> >> > >> <workgroup>OAuth Working Group</workgroup> >> > >> >> > >> One change I didn't make, but that should be considered, is to >> > >> delete the >> > reference to OASIS.saml-core-2.0-os, since it is used by no <xref> in >> > the document. >> > >> >> > >> The new proposed text for Section 7.2 follows: >> > >> >> > >> 7.2. Error Response >> > >> >> > >> If a resource access request fails, the resource server SHOULD inform >> > >> the client of the error. While the specific error responses possible >> > >> and methods for transmitting those errors when using any particular >> > >> access token type are beyond the scope of this specification, any >> > >> "error" code values defined for use with OAuth resource access >> > >> methods MUST be registered (following the procedures in >> > >> Section 11.4). >> > >> >> > >> Specifically, when the OAuth resource access method uses an "error" >> > >> result parameter to return an error code value that indicates the >> > >> resource access error encountered, then these error code values >> MUST >> > >> be registered. Values for these "error" codes MUST NOT include >> > >> characters outside the set %x20-21 / %x23-5B / %x5D-7E. When an >> > >> "error" code value is registered for use by an OAuth resource access >> > >> method, should that same code already be registered for use by >> > >> another OAuth resource access method or at a different OAuth error >> > >> usage location, then the meaning of that error code value in in the >> > >> new registration MUST be consistent with the its meaning in prior >> > >> registrations. >> > >> >> > >> The OAuth resource access error registration requirement applies only >> > >> to "error" code values and not to other means of returning error >> > >> indications, including HTTP status codes, or other error-related >> > >> result parameters, such as "error_description", "error_uri", or other >> > >> kinds of error status return methods that may be employed by the >> > >> resource access method. There is no requirement that OAuth resource >> > >> access methods employ an "error" parameter. >> > >> >> > >> Hopefully incorporating these changes will enable us to close the >> > remaining DISCUSS issues on both the Core and Bearer drafts. >> > >> >> > >> Thanks all, >> > >> -- >> > >> Mike >> > >> >> > >> >> > >> From: Eran Hammer [mailto:eran@hueniverse.com] >> > >> Sent: Wednesday, May 23, 2012 11:45 PM >> > >> To: David Recordon; Mike Jones; Hannes Tschofenig >> > >> Cc: oauth@ietf.org WG >> > >> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion >> > >> >> > >> With the exception of section 7.2, the changes look reasonable and >> > >> will be >> > applied in the next revision. >> > >> >> > >> The new section 7.2 is confusion and does not explain the new registry. >> > The section introduces a new requirement to register 'any error codes >> > defined for use with OAuth resource access methods'. This requirement >> > is too vague. >> > >> >> > >> I have no clue how to (for example) apply this text to the MAC draft. >> > Adding to David's list below: >> > >> >> > >> * Should the HTTP status codes used by the MAC spec as currently >> > >> written >> > be registered (since no guidance is given to the use of an error parameter)? >> > >> * Does this introduce a requirement to add an error parameter? >> > >> * Does the parameter need to / should be called 'error'? >> > >> * What about future methods in which errors are not simply >> > >> expressed in >> > the form of a fixes string? >> > >> >> > >> EH >> > >> >> > >> >> > >> From: David Recordon [mailto:recordond@gmail.com] >> > >> Sent: Wednesday, May 23, 2012 11:38 PM >> > >> To: Mike Jones; Hannes Tschofenig; Eran Hammer >> > >> Cc: oauth@ietf.org WG >> > >> Subject: Re: [OAUTH-WG] Error Encoding: Conclusion >> > >> >> > >> Honestly still trying to fully wrap my head around what's going on >> > >> here >> > since it seems far more complex than the threads are alluding to. In >> > any case, does Mike's text address what Eran brought up as needed in >> > the thread Hannes referenced or is Eran wrong? >> > >> >> > >> The core spec currently provides full guidance and definition for >> > >> error >> > extensibility. Extending the registry's scope means the need for >> > non-trivial new text that: >> > >> >> > >> * explains the process of adding new errors for endpoints not >> > >> defined by >> > this specification, >> > >> * finds a common ground for value restrictions beyond what is >> > >> already >> > listed, >> > >> * guide authors of future HTTP authentication schemes meant for use >> > with OAuth (e.g. MAC) for their requirements for using the error >> > registry, and >> > >> * address the very likely scenario of the same error code carrying >> > different meanings in different endpoints, or an extension that adds a >> > location to a code already defined elsewhere - something very likely >> > to happen if you cross the two very different domains (OAuth >> > endpoints, Protected resource endpoints). This requires changing the >> > entire structure of the registry to create separate records for each >> code/location pair. >> > >> >> > >> Thanks, >> > >> --David >> > >> >> > >> On Wed, May 23, 2012 at 10:22 PM, Mike Jones >> > <Michael.Jones@microsoft.com> wrote: >> > >> Thanks Hannes. In the interest of hopefully completing the edits >> > >> to >> > remove the DISCUSS issues for the Bearer and Core specs in the next >> > few days so that we can send the docs to the RFC editors, I'd like to >> > propose specific language for the Core spec to address both of the >> > consensus call issue resolutions. After there's consensus on the >> > specific text for Core, it will be easy for us to add a reference in >> > Bearer to the language in Core for the error syntax restrictions and >> > to use the OAuth errors registry. I'll do that in parallel with the discussions >> on the proposed core language changes. >> > >> >> > >> >> > >> >> > >> A summary of the changes I made in response to the consensus call >> > conclusions are: >> > >> >> > >> * Add syntax restrictions for "error", "error_description", and >> > "error_uri" from Bearer to Core >> > >> >> > >> * Add section 7.2 about error responses from resource access >> requests >> > >> >> > >> * Add "resource access error response" to the category of OAuth >> > errors that can be registered >> > >> >> > >> >> > >> >> > >> Additional editorial changes that I made as I encountered issues in >> > >> the >> > document were: >> > >> >> > >> * Updated out of date references, especially the draft-hardt-oauth- >> 01 >> > reference, which contained an invalid link >> > >> >> > >> * Added Derek Atkins to the list of chairs >> > >> >> > >> * Added Yaron Goland's middle initial Y. (since he prefers to include >> it >> > in publications) >> > >> >> > >> * Replaced use of the deprecated <appendix> element, which >> > prevented the spec from building with strict checking, with a >> > <section> element in the <back> section (which creates an appendix) >> > >> >> > >> >> > >> >> > >> To make it easy to incorporate these changes into the document and >> > >> so >> > the proposed changes are unambiguous, I produced an edited version of >> > Core -26 containing these changes. The xml, txt, and html versions >> > are attached to facilitate review. Pertinent diffs from the .txt version >> follow. >> > >> >> > >> >> > >> >> > >> Cheers, >> > >> >> > >> -- Mike >> > >> >> > >> >> > >> >> > >> 683c683,684 >> > >> >> > >> < notation of [RFC5234]. >> > >> >> > >> --- >> > >> >> > >>> notation of [RFC5234]. Additionally, the rule URI-Reference is >> > >> >> > >>> included from Uniform Resource Identifier (URI) [RFC3986]. >> > >> >> > >> 1441c1441,1442 >> > >> >> > >> < REQUIRED. A single error code from the following: >> > >> >> > >> --- >> > >> >> > >>> REQUIRED. A single ASCII [USASCII] error code from the >> > >> >> > >>> following: >> > >> >> > >> 1474a1475,1476 >> > >> >> > >>> Values for the "error" parameter MUST NOT include >> > >>> characters >> > >> >> > >>> outside the set %x20-21 / %x23-5B / %x5D-7E. >> > >> >> > >> 1476c1478 >> > >> >> > >> < OPTIONAL. A human-readable UTF-8 encoded text providing >> > >> >> > >> --- >> > >> >> > >>> OPTIONAL. A human-readable ASCII [USASCII] text providing >> > >> >> > >> 1478a1481,1482 >> > >> >> > >>> Values for the "error_description" parameter MUST NOT >> > >>> include >> > >> >> > >>> characters outside the set %x20-21 / %x23-5B / %x5D-7E. >> > >> >> > >> 1482a1487,1489 >> > >> >> > >>> Values for the "error_uri" parameter MUST conform to the >> > >>> URI- >> > >> >> > >>> Reference syntax, and thus MUST NOT include characters >> > >>> outside >> > >> >> > >>> the set %x21 / %x23-5B / %x5D-7E. >> > >> >> > >> 1840c1840,1841 >> > >> >> > >> < REQUIRED. A single error code from the following: >> > >> >> > >> --- >> > >> >> > >>> REQUIRED. A single ASCII [USASCII] error code from the >> > >> >> > >>> following: >> > >> >> > >> 1873a1874,1875 >> > >> >> > >>> Values for the "error" parameter MUST NOT include >> > >>> characters >> > >> >> > >>> outside the set %x20-21 / %x23-5B / %x5D-7E. >> > >> >> > >> 1875c1877 >> > >> >> > >> < OPTIONAL. A human-readable UTF-8 encoded text providing >> > >> >> > >> --- >> > >> >> > >>> OPTIONAL. A human-readable ASCII [USASCII] text providing >> > >> >> > >> 1877a1880,1881 >> > >> >> > >>> Values for the "error_description" parameter MUST NOT >> > >>> include >> > >> >> > >>> characters outside the set %x20-21 / %x23-5B / %x5D-7E. >> > >> >> > >> 1881a1886,1888 >> > >> >> > >>> Values for the "error_uri" parameter MUST conform to the >> > >>> URI- >> > >> >> > >>> Reference syntax, and thus MUST NOT include characters >> > >>> outside >> > >> >> > >>> the set %x21 / %x23-5B / %x5D-7E. >> > >> >> > >> < REQUIRED. A single error code from the following: >> > >> >> > >> --- >> > >> >> > >>> REQUIRED. A single ASCII [USASCII] error code from the >> > >> >> > >>> following: >> > >> >> > >> 2325a2326,2327 >> > >> >> > >>> Values for the "error" parameter MUST NOT include >> > >>> characters >> > >> >> > >>> outside the set %x20-21 / %x23-5B / %x5D-7E. >> > >> >> > >> 2327c2329 >> > >> >> > >> < OPTIONAL. A human-readable UTF-8 encoded text providing >> > >> >> > >> --- >> > >> >> > >>> OPTIONAL. A human-readable ASCII [USASCII] text providing >> > >> >> > >> 2329a2332,2333 >> > >> >> > >>> Values for the "error_description" parameter MUST NOT >> > >>> include >> > >> >> > >>> characters outside the set %x20-21 / %x23-5B / %x5D-7E. >> > >> >> > >> 2333a2338,2340 >> > >> >> > >>> Values for the "error_uri" parameter MUST conform to the >> > >>> URI- >> > >> >> > >>> Reference syntax, and thus MUST NOT include characters >> > >>> outside >> > >> >> > >>> the set %x21 / %x23-5B / %x5D-7E. >> > >> >> > >> 2450c2460,2468 >> > >> >> > >> < The method in which the client utilized the access token to >> > >> >> > >> --- >> > >> >> > >>> The method in which the client utilizes the access token to >> > >> >> > >> 2479c2489 >> > >> >> > >> < Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw >> > >> >> > >> --- >> > >> >> > >>> Authorization: Bearer mF_9.B5f-4.1JqM >> > >> >> > >> 2503a2514,2533 >> > >> >> > >>> >> > >> >> > >>> 7.2. Error Response >> > >> >> > >>> >> > >> >> > >>> If a resource access request fails, the resource server SHOULD >> > >>> inform >> > >> >> > >>> the client of the error. While the specific error responses >> > >>> possible >> > >> >> > >>> and methods for transmitting those errors when using any >> > >>> particular >> > >> >> > >>> access token type are beyond the scope of this specification, >> > >>> any >> > >> >> > >>> error codes defined for use with OAuth resource access methods >> > >>> MUST >> > >> >> > >>> be registered (following the procedures in Section 11.4). >> > >> >> > >>> >> > >> >> > >>> >> > >> >> > >> 2602,2603c2624,2626 >> > >> >> > >> < (Section 4.2.2.1), or the token error response (Section 5.2), such >> > >> >> > >> < error codes MAY be defined. >> > >> >> > >> --- >> > >> >> > >>> (Section 4.2.2.1), the token error response (Section 5.2), or >> > >>> the >> > >> >> > >>> resource access error response (Section 7.2), such error codes >> > >>> MAY be >> > >> >> > >>> defined. >> > >> >> > >> 3444c3484,3485 >> > >> >> > >> < (Section 4.2.2.1), or token error response (Section 5.2). >> > >> >> > >> --- >> > >> >> > >>> (Section 4.2.2.1), token error response (Section 5.2), or >> > >>> resource >> > >> >> > >>> access error response (Section 7.2). >> > >> >> > >> 3596a3554,3557 >> > >> >> > >>> [USASCII] American National Standards Institute, "Coded >> > >>> Character >> > >> >> > >>> Set -- 7-bit American Standard Code for Information >> > >> >> > >>> Interchange", ANSI X3.4, 1986. >> > >> >> > >>> >> > >> >> > >> 3611,3612c3572,3573 >> > >> >> > >> < OAuth 2.0", draft-ietf-oauth-saml2-bearer-08 (work in >> > >> >> > >> < progress), August 2011. >> > >> >> > >> --- >> > >> >> > >>> OAuth 2.0", draft-ietf-oauth-saml2-bearer-12 (work in >> > >> >> > >>> progress), May 2012. >> > >> >> > >> 3616,3617c3577,3579 >> > >> >> > >> < Protocol: Bearer Tokens", draft-ietf-oauth-v2-bearer-08 >> > >> >> > >> < (work in progress), July 2011. >> > >> >> > >> --- >> > >> >> > >>> Authorization Protocol: Bearer Tokens", >> > >> >> > >>> draft-ietf-oauth-v2-bearer-19 (work in progress), >> > >> >> > >>> April 2012. >> > >> >> > >> 3620,3623c3589,3591 >> > >> >> > >> < Hammer-Lahav, E., Barth, A., and B. Adida, "HTTP >> > >> >> > >> < Authentication: MAC Access Authentication", >> > >> >> > >> < draft-ietf-oauth-v2-http-mac-00 (work in progress), >> > >> >> > >> < May 2011. >> > >> >> > >> --- >> > >> >> > >>> Hammer-Lahav, E., "HTTP Authentication: MAC Access >> > >> >> > >>> Authentication", draft-ietf-oauth-v2-http-mac-01 >> > >>> (work in >> > >> >> > >>> progress), February 2012. >> > >> >> > >> 3626c3594 >> > >> >> > >> < Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0 >> > >> >> > >> --- >> > >> >> > >>> McGloin, M., Hunt, P., and T. Lodderstedt, "OAuth 2.0 >> > >> >> > >> 3628,3629c3596,3597 >> > >> >> > >> < draft-ietf-oauth-v2-threatmodel-00 (work in progress), >> > >> >> > >> < July 2011. >> > >> >> > >> --- >> > >> >> > >>> draft-ietf-oauth-v2-threatmodel-02 (work in >> > >>> progress), >> > >> >> > >>> February 2012. >> > >> >> > >> 3468,3546d3503 >> > >> >> > >> < Brian Eaton, Yaron Goland, Dick Hardt, and Allen Tom. >> > >> >> > >> 3639c3609,3639 >> > >> >> > >>> Brian Eaton, Yaron Y. Goland, Dick Hardt, and Allen Tom. >> > >> >> > >> 3468,3546d3503 >> > >> >> > >> < Yaron Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart, >> > >> >> > >> 3644,3645c3644,3656 >> > >> >> > >>> Yaron Y. Goland, Brent Goldman, Kristoffer Gronowski, Justin >> > >>> Hart, >> > >> >> > >> 3468,3546d3503 >> > >> >> > >> < This document was produced under the chairmanship of Blaine >> Cook, >> > >> >> > >> < Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba. The area >> > >> >> > >> < directors included Lisa Dusseault, Peter Saint-Andre, and Stephen >> > >> >> > >> < Farrell. >> > >> >> > >> 3646a3658,3661 >> > >> >> > >>> This document was produced under the chairmanship of Blaine >> > >>> Cook, >> > >> >> > >>> Peter Saint-Andre, Hannes Tschofenig, Barry Leiba, and Derek Atkins. >> > >> >> > >>> The area directors included Lisa Dusseault, Peter Saint-Andre, >> > >>> and >> > >> >> > >>> Stephen Farrell. >> > >> >> > >> >> > >> >> > >> -----Original Message----- >> > >> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On >> > Behalf Of Hannes Tschofenig >> > >> Sent: Wednesday, May 23, 2012 11:27 AM >> > >> To: oauth@ietf.org WG >> > >> Subject: [OAUTH-WG] Error Encoding: Conclusion >> > >> >> > >> >> > >> >> > >> Hi all, >> > >> >> > >> >> > >> >> > >> on May 10th we called for consensus on an open issue regarding the >> > >> error >> > encoding. Here is the link to the call: >> > >> >> > >> http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html >> > >> >> > >> >> > >> >> > >> Thank you all for the feedback. The conclusion of the consensus >> > >> call was >> > to harmonize the encoding between the two specifications by >> > incorporating the restrictions from the bearer specification into the >> > base specification. The error encoding will go into the core >> > specification and the bearer specification will reference it. >> > >> >> > >> >> > >> >> > >> Ciao >> > >> >> > >> Hannes & Derek >> > >> >> > >> >> > >> >> > >> _______________________________________________ >> > >> >> > >> OAuth mailing list >> > >> >> > >> OAuth@ietf.org >> > >> >> > >> https://www.ietf.org/mailman/listinfo/oauth >> > >> >> > >> >> > >> >> > >> >> > >> _______________________________________________ >> > >> OAuth mailing list >> > >> OAuth@ietf.org >> > >> https://www.ietf.org/mailman/listinfo/oauth >> > >> >> > >> >> > >> <draft-ietf-oauth-v2-26+mbj-2.xml><draft-ietf-oauth-v2-26+mbj- >> > 2.txt><draft-ietf-oauth-v2-26+mbj-2.html> >> > > >> >> > >_______________________________________________ >OAuth mailing list >OAuth@ietf.org >https://www.ietf.org/mailman/listinfo/oauth > > >
- [OAUTH-WG] Error Encoding: Conclusion Hannes Tschofenig
- Re: [OAUTH-WG] Error Encoding: Conclusion Mike Jones
- Re: [OAUTH-WG] Error Encoding: Conclusion David Recordon
- Re: [OAUTH-WG] Error Encoding: Conclusion Eran Hammer
- Re: [OAUTH-WG] Error Encoding: Conclusion Mike Jones
- Re: [OAUTH-WG] Error Encoding: Conclusion Hannes Tschofenig
- Re: [OAUTH-WG] Error Encoding: Conclusion Hannes Tschofenig
- Re: [OAUTH-WG] Error Encoding: Conclusion Eran Hammer
- Re: [OAUTH-WG] Error Encoding: Conclusion Mike Jones
- Re: [OAUTH-WG] Error Encoding: Conclusion Eran Hammer
- [OAUTH-WG] ABNF Re: Error Encoding: Conclusion William Mills
- Re: [OAUTH-WG] ABNF Re: Error Encoding: Conclusion Mike Jones
- Re: [OAUTH-WG] ABNF Re: Error Encoding: Conclusion William Mills
- Re: [OAUTH-WG] ABNF Re: Error Encoding: Conclusion Mike Jones
- Re: [OAUTH-WG] Error Encoding: Conclusion Mike Jones
- Re: [OAUTH-WG] Error Encoding: Conclusion Eran Hammer