IETF Logo Mail Archive

[OAUTH-WG] ABNF Re: Error Encoding: Conclusion

William Mills <wmills@yahoo-inc.com> Fri, 01 June 2012 04:31 UTC

Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AA8D11E80A6 for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 21:31:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.598
X-Spam-Level:
X-Spam-Status: No, score=-17.598 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vM82tNiQ8lik for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 21:31:40 -0700 (PDT)
Received: from nm2-vm0.bullet.mail.ne1.yahoo.com (nm2-vm0.bullet.mail.ne1.yahoo.com [98.138.91.39]) by ietfa.amsl.com (Postfix) with SMTP id 9505911E8086 for <oauth@ietf.org>; Thu, 31 May 2012 21:31:31 -0700 (PDT)
Received: from [98.138.90.52] by nm2.bullet.mail.ne1.yahoo.com with NNFMP; 01 Jun 2012 04:31:28 -0000
Received: from [98.138.89.192] by tm5.bullet.mail.ne1.yahoo.com with NNFMP; 01 Jun 2012 04:31:27 -0000
Received: from [127.0.0.1] by omp1050.mail.ne1.yahoo.com with NNFMP; 01 Jun 2012 04:31:27 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 980615.76576.bm@omp1050.mail.ne1.yahoo.com
Received: (qmail 69359 invoked by uid 60001); 1 Jun 2012 04:31:27 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1338525087; bh=lELxrWG2Oo78ftZsFc7PGlHjMX+E9XOAgsxtx6VziQM=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=Rb7/EV0szUcYniD+OOiotGIy7XjkQFCCkP1bO/0yZ4Pt7NmEcKynhS6/aLFKpPhFMXmm5uADRNm6cbsfIaPS9UhEQgDxwOuEmDyMzMTva/p22oDWvmAobRTPndVRlunYhhwdH8D9XxdqSL/X0wTQPB6Gn9xEPGtc684+VEkVz4s=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=Gpez4UpMhrstg7O36GoIvYpbaX5O8B+a5HwFDFJyG/Qm+IubUEE4LYgFhmHntgrE7EwoHtlSJ6RVoWmV7/WiTX5zYY0fid4dcTdFjdqF65Y5SvVk+IkOwV7FhD9z2Gvo1eWkqFVZs/MsmV0kPsq6q9+TXITZmJwT8Rls1zEINNM=;
X-YMail-OSG: t6BSPOwVM1n9fA32Yr9Mp2g0YxE0eoeyn6.doAPoTIrUzcX ZW7g2IeqxKc2q0gEW1YV6TU.AA8lLT.S3kOvLjB51qGQm9AnxRKhKjwkw2vJ OTswKFVC_5Bj1Y_IQg1Zg6pTzuT_I1epz.4TXK52COVqqJ1rBQ9ZT6RBjTgs rMGqfMUi1MWEkfgO3SvkL.caSFACf3DYHDQT9qmSc42CAxdsgYN48QXy7FS3 T5_Stgn65BxYcKSxZljrylifVMDWWu_FkMlKLfGSbfoPcL1eiyyjpdNDYz6e WlOclZlgpQoi7JzBx5p_WEJ6qbN9aFxafy0QK4ZTmyzBGrzPbwy7SYF92MZg FVUd3bWamScRUoQze6M.VTzr1zohJJQlnwa02oqsyuXP12v0pCBXYi.SaGMS qs8A7EX8X6N2zehvVmlVmYyuQh5lAirA-
Received: from [99.31.212.42] by web31813.mail.mud.yahoo.com via HTTP; Thu, 31 May 2012 21:31:27 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net> <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAB_mRgMumU5qzEJF0KCWNCx+R4MAzVawiJGKj2YBpJFzrxkomQ@mail.gmail.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436651E440@TK5EX14MBXC284.redmond.corp.microsoft.com> <C306A031-C2F0-4912-8341-312DFF4973BD@gmx.net> <869336FE-0265-4982-B9DE-E2FAE06CD545@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA20105888A@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436652221D@TK5EX14MBXC284.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA2010597A3@P3PWEX2MB008.ex2.secureserver.net>
Message-ID: <1338525087.63468.YahooMailNeo@web31813.mail.mud.yahoo.com>
Date: Thu, 31 May 2012 21:31:27 -0700
From: William Mills <wmills@yahoo-inc.com>
To: Eran Hammer <eran@hueniverse.com>, Mike Jones <Michael.Jones@microsoft.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA2010597A3@P3PWEX2MB008.ex2.secureserver.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="767760015-360248941-1338525087=:63468"
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: [OAUTH-WG] ABNF Re: Error Encoding: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jun 2012 04:31:43 -0000

The current OAuth core spec section 8.5 has:
error-code   = ALPHA *error-char error-char   = "-" / "." / "_" / DIGIT / ALPHA 
Mike's proposal would nominally be:

error-code   = *error-char
     error-char   = %x20-21 / %x23-5B / %x5D-7E 
This is the set of ASCII characters from SPACE to '~' excluding '\' and '"'.  I'm not 
in love with that, but it's clear.  I'd prefer:

error-code   = ALPHA *error-char
     error-char   = %x20-21 / %x23-5B / %x5D-7E 
-bill 




>________________________________
> From: Eran Hammer <eran@hueniverse.com>
>To: Mike Jones <Michael.Jones@microsoft.com>; Hannes Tschofenig <hannes.tschofenig@gmx.net> 
>Cc: "oauth@ietf.org WG" <oauth@ietf.org> 
>Sent: Thursday, May 31, 2012 7:47 PM
>Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
> 
>
>
>> -----Original Message-----
>> From: Mike Jones [mailto:Michael.Jones@microsoft.com]
>> Sent: Thursday, May 31, 2012 1:53 PM
>> To: Eran Hammer; Hannes Tschofenig
>> Cc: oauth@ietf.org WG
>> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion
>> 
>> Actually, could you please publish before the ABNF is done so that I can
>> publish a version of Bearer referencing the new text in Core, so it can be
>> reviewed by the WG in parallel with the ABNF work happening?  I think that
>> was Hannes' intent in asking you to publish soon.
>
>I'll review the text and will reply back as to publishing schedule.
>
>> Version numbers are
>> cheap...
>
>My time isn't.
>
>EH
>
>>                 Thanks,
>>                 -- Mike
>> 
>> -----Original Message-----
>> From: Eran Hammer [mailto:eran@hueniverse.com]
>> Sent: Thursday, May 31, 2012 12:35 PM
>> To: Hannes Tschofenig
>> Cc: Mike Jones; oauth@ietf.org WG
>> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion
>> 
>> I'll first review the proposed text (as a WG member) and raise any issues
>> remaining (if any).
>> 
>> I will wait until the ABNF text is provided before publishing another version.
>> 
>> EH
>> 
>> > -----Original Message-----
>> > From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
>> > Sent: Thursday, May 31, 2012 10:54 AM
>> > To: Eran Hammer
>> > Cc: Mike Jones; oauth@ietf.org WG; Hannes Tschofenig
>> > Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
>> >
>> > Eran, could you publish a new draft version by Sunday with these
>> > changes incorporated? That should give the working group enough time
>> > to look at these few paragraphs.
>> >
>> > In the meanwhile we are working on addressing the ABNF issue Sean
>> > raised and we will then go for another update.
>> >
>> > Ciao
>> > Hannes
>> >
>> > On May 31, 2012, at 8:20 PM, Hannes Tschofenig wrote:
>> >
>> > > Hi Mike,
>> > >
>> > > thank you for compiling the text. It looks good to me. I have not
>> > > seen
>> > anyone from the working group screaming either.
>> > >
>> > > Eran, can you incorporate these changes into the next draft version?
>> > >
>> > > Ciao
>> > > Hannes
>> > >
>> > > On May 30, 2012, at 2:10 AM, Mike Jones wrote:
>> > >
>> > >> I've made another set of updates to a copy of Core -26 to address
>> > >> the
>> > questions raised by Eran and David below (attached).
>> > >>
>> > >> An unrelated change that you should probably pick up, Eran is
>> > >> adding this
>> > to the <front> section, so that the heading shows that the draft is a
>> > product of the "OAuth Working Group" rather than the "Network Working
>> Group":
>> > >>    <area>Security</area>
>> > >>    <workgroup>OAuth Working Group</workgroup>
>> > >>
>> > >> One change I didn't make, but that should be considered, is to
>> > >> delete the
>> > reference to OASIS.saml-core-2.0-os, since it is used by no <xref> in
>> > the document.
>> > >>
>> > >> The new proposed text for Section 7.2 follows:
>> > >>
>> > >> 7.2.  Error Response
>> > >>
>> > >>   If a resource access request fails, the resource server SHOULD inform
>> > >>   the client of the error.  While the specific error responses possible
>> > >>   and methods for transmitting those errors when using any particular
>> > >>   access token type are beyond the scope of this specification, any
>> > >>   "error" code values defined for use with OAuth resource access
>> > >>   methods MUST be registered (following the procedures in
>> > >>   Section 11.4).
>> > >>
>> > >>   Specifically, when the OAuth resource access method uses an "error"
>> > >>   result parameter to return an error code value that indicates the
>> > >>   resource access error encountered, then these error code values
>> MUST
>> > >>   be registered.  Values for these "error" codes MUST NOT include
>> > >>   characters outside the set %x20-21 / %x23-5B / %x5D-7E. When an
>> > >>   "error" code value is registered for use by an OAuth resource access
>> > >>   method, should that same code already be registered for use by
>> > >>   another OAuth resource access method or at a different OAuth error
>> > >>   usage location, then the meaning of that error code value in in the
>> > >>   new registration MUST be consistent with the its meaning in prior
>> > >>   registrations.
>> > >>
>> > >>   The OAuth resource access error registration requirement applies only
>> > >>   to "error" code values and not to other means of returning error
>> > >>   indications, including HTTP status codes, or other error-related
>> > >>   result parameters, such as "error_description", "error_uri", or other
>> > >>   kinds of error status return methods that may be employed by the
>> > >>   resource access method.  There is no requirement that OAuth resource
>> > >>   access methods employ an "error" parameter.
>> > >>
>> > >> Hopefully incorporating these changes will enable us to close the
>> > remaining DISCUSS issues on both the Core and Bearer drafts.
>> > >>
>> > >>                                                                Thanks all,
>> > >>                                                                --
>> > >> Mike
>> > >>
>> > >>
>> > >> From: Eran Hammer [mailto:eran@hueniverse.com]
>> > >> Sent: Wednesday, May 23, 2012 11:45 PM
>> > >> To: David Recordon; Mike Jones; Hannes Tschofenig
>> > >> Cc: oauth@ietf.org WG
>> > >> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion
>> > >>
>> > >> With the exception of section 7.2, the changes look reasonable and
>> > >> will be
>> > applied in the next revision.
>> > >>
>> > >> The new section 7.2 is confusion and does not explain the new registry.
>> > The section introduces a new requirement to register 'any error codes
>> > defined for use with OAuth resource access methods'. This requirement
>> > is too vague.
>> > >>
>> > >> I have no clue how to (for example) apply this text to the MAC draft.
>> > Adding to David's list below:
>> > >>
>> > >> * Should the HTTP status codes used by the MAC spec as currently
>> > >> written
>> > be registered (since no guidance is given to the use of an error parameter)?
>> > >> * Does this introduce a requirement to add an error parameter?
>> > >> * Does the parameter need to / should be called 'error'?
>> > >> * What about future methods in which errors are not simply
>> > >> expressed in
>> > the form of a fixes string?
>> > >>
>> > >> EH
>> > >>
>> > >>
>> > >> From: David Recordon [mailto:recordond@gmail.com]
>> > >> Sent: Wednesday, May 23, 2012 11:38 PM
>> > >> To: Mike Jones; Hannes Tschofenig; Eran Hammer
>> > >> Cc: oauth@ietf.org WG
>> > >> Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
>> > >>
>> > >> Honestly still trying to fully wrap my head around what's going on
>> > >> here
>> > since it seems far more complex than the threads are alluding to. In
>> > any case, does Mike's text address what Eran brought up as needed in
>> > the thread Hannes referenced or is Eran wrong?
>> > >>
>> > >> The core spec currently provides full guidance and definition for
>> > >> error
>> > extensibility. Extending the registry's scope means the need for
>> > non-trivial new text that:
>> > >>
>> > >> * explains the process of adding new errors for endpoints not
>> > >> defined by
>> > this specification,
>> > >> * finds a common ground for value restrictions beyond what is
>> > >> already
>> > listed,
>> > >> * guide authors of future HTTP authentication schemes meant for use
>> > with OAuth (e.g. MAC) for their requirements for using the error
>> > registry, and
>> > >> * address the very likely scenario of the same error code carrying
>> > different meanings in different endpoints, or an extension that adds a
>> > location to a code already defined elsewhere - something very likely
>> > to happen if you cross the two very different domains (OAuth
>> > endpoints, Protected resource endpoints). This requires changing the
>> > entire structure of the registry to create separate records for each
>> code/location pair.
>> > >>
>> > >> Thanks,
>> > >> --David
>> > >>
>> > >> On Wed, May 23, 2012 at 10:22 PM, Mike Jones
>> > <Michael.Jones@microsoft.com> wrote:
>> > >> Thanks Hannes.  In the interest of hopefully completing the edits
>> > >> to
>> > remove the DISCUSS issues for the Bearer and Core specs in the next
>> > few days so that we can send the docs to the RFC editors, I'd like to
>> > propose specific language for the Core spec to address both of the
>> > consensus call issue resolutions.  After there's consensus on the
>> > specific text for Core, it will be easy for us to add a reference in
>> > Bearer to the language in Core for the error syntax restrictions and
>> > to use the OAuth errors registry.  I'll do that in parallel with the discussions
>> on the proposed core language changes.
>> > >>
>> > >>
>> > >>
>> > >> A summary of the changes I made in response to the consensus call
>> > conclusions are:
>> > >>
>> > >> *        Add syntax restrictions for "error", "error_description", and
>> > "error_uri" from Bearer to Core
>> > >>
>> > >> *        Add section 7.2 about error responses from resource access
>> requests
>> > >>
>> > >> *        Add "resource access error response" to the category of OAuth
>> > errors that can be registered
>> > >>
>> > >>
>> > >>
>> > >> Additional editorial changes that I made as I encountered issues in
>> > >> the
>> > document were:
>> > >>
>> > >> *        Updated out of date references, especially the draft-hardt-oauth-
>> 01
>> > reference, which contained an invalid link
>> > >>
>> > >> *        Added Derek Atkins to the list of chairs
>> > >>
>> > >> *        Added Yaron Goland's middle initial Y. (since he prefers to include
>> it
>> > in publications)
>> > >>
>> > >> *        Replaced use of the deprecated <appendix> element, which
>> > prevented the spec from building with strict checking, with a
>> > <section> element in the <back> section (which creates an appendix)
>> > >>
>> > >>
>> > >>
>> > >> To make it easy to incorporate these changes into the document and
>> > >> so
>> > the proposed changes are unambiguous, I produced an edited version of
>> > Core -26 containing these changes.  The xml, txt, and html versions
>> > are attached to facilitate review.  Pertinent diffs from the .txt version
>> follow.
>> > >>
>> > >>
>> > >>
>> > >>                                                            Cheers,
>> > >>
>> > >>                                                            -- Mike
>> > >>
>> > >>
>> > >>
>> > >> 683c683,684
>> > >>
>> > >> <    notation of [RFC5234].
>> > >>
>> > >> ---
>> > >>
>> > >>>   notation of [RFC5234].  Additionally, the rule URI-Reference is
>> > >>
>> > >>>   included from Uniform Resource Identifier (URI) [RFC3986].
>> > >>
>> > >> 1441c1441,1442
>> > >>
>> > >> <          REQUIRED.  A single error code from the following:
>> > >>
>> > >> ---
>> > >>
>> > >>>         REQUIRED.  A single ASCII [USASCII] error code from the
>> > >>
>> > >>>         following:
>> > >>
>> > >> 1474a1475,1476
>> > >>
>> > >>>         Values for the "error" parameter MUST NOT include
>> > >>> characters
>> > >>
>> > >>>         outside the set %x20-21 / %x23-5B / %x5D-7E.
>> > >>
>> > >> 1476c1478
>> > >>
>> > >> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
>> > >>
>> > >> ---
>> > >>
>> > >>>         OPTIONAL.  A human-readable ASCII [USASCII] text providing
>> > >>
>> > >> 1478a1481,1482
>> > >>
>> > >>>         Values for the "error_description" parameter MUST NOT
>> > >>> include
>> > >>
>> > >>>         characters outside the set %x20-21 / %x23-5B / %x5D-7E.
>> > >>
>> > >> 1482a1487,1489
>> > >>
>> > >>>         Values for the "error_uri" parameter MUST conform to the
>> > >>> URI-
>> > >>
>> > >>>         Reference syntax, and thus MUST NOT include characters
>> > >>> outside
>> > >>
>> > >>>         the set %x21 / %x23-5B / %x5D-7E.
>> > >>
>> > >> 1840c1840,1841
>> > >>
>> > >> <          REQUIRED.  A single error code from the following:
>> > >>
>> > >> ---
>> > >>
>> > >>>         REQUIRED.  A single ASCII [USASCII] error code from the
>> > >>
>> > >>>         following:
>> > >>
>> > >> 1873a1874,1875
>> > >>
>> > >>>         Values for the "error" parameter MUST NOT include
>> > >>> characters
>> > >>
>> > >>>         outside the set %x20-21 / %x23-5B / %x5D-7E.
>> > >>
>> > >> 1875c1877
>> > >>
>> > >> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
>> > >>
>> > >> ---
>> > >>
>> > >>>         OPTIONAL.  A human-readable ASCII [USASCII] text providing
>> > >>
>> > >> 1877a1880,1881
>> > >>
>> > >>>         Values for the "error_description" parameter MUST NOT
>> > >>> include
>> > >>
>> > >>>         characters outside the set %x20-21 / %x23-5B / %x5D-7E.
>> > >>
>> > >> 1881a1886,1888
>> > >>
>> > >>>         Values for the "error_uri" parameter MUST conform to the
>> > >>> URI-
>> > >>
>> > >>>         Reference syntax, and thus MUST NOT include characters
>> > >>> outside
>> > >>
>> > >>>         the set %x21 / %x23-5B / %x5D-7E.
>> > >>
>> > >> <          REQUIRED.  A single error code from the following:
>> > >>
>> > >> ---
>> > >>
>> > >>>         REQUIRED.  A single ASCII [USASCII] error code from the
>> > >>
>> > >>>         following:
>> > >>
>> > >> 2325a2326,2327
>> > >>
>> > >>>         Values for the "error" parameter MUST NOT include
>> > >>> characters
>> > >>
>> > >>>         outside the set %x20-21 / %x23-5B / %x5D-7E.
>> > >>
>> > >> 2327c2329
>> > >>
>> > >> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
>> > >>
>> > >> ---
>> > >>
>> > >>>         OPTIONAL.  A human-readable ASCII [USASCII] text providing
>> > >>
>> > >> 2329a2332,2333
>> > >>
>> > >>>         Values for the "error_description" parameter MUST NOT
>> > >>> include
>> > >>
>> > >>>         characters outside the set %x20-21 / %x23-5B / %x5D-7E.
>> > >>
>> > >> 2333a2338,2340
>> > >>
>> > >>>         Values for the "error_uri" parameter MUST conform to the
>> > >>> URI-
>> > >>
>> > >>>         Reference syntax, and thus MUST NOT include characters
>> > >>> outside
>> > >>
>> > >>>         the set %x21 / %x23-5B / %x5D-7E.
>> > >>
>> > >> 2450c2460,2468
>> > >>
>> > >> <    The method in which the client utilized the access token to
>> > >>
>> > >> ---
>> > >>
>> > >>>   The method in which the client utilizes the access token to
>> > >>
>> > >> 2479c2489
>> > >>
>> > >> <      Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw
>> > >>
>> > >> ---
>> > >>
>> > >>>     Authorization: Bearer mF_9.B5f-4.1JqM
>> > >>
>> > >> 2503a2514,2533
>> > >>
>> > >>>
>> > >>
>> > >>> 7.2.  Error Response
>> > >>
>> > >>>
>> > >>
>> > >>>   If a resource access request fails, the resource server SHOULD
>> > >>> inform
>> > >>
>> > >>>   the client of the error.  While the specific error responses
>> > >>> possible
>> > >>
>> > >>>   and methods for transmitting those errors when using any
>> > >>> particular
>> > >>
>> > >>>   access token type are beyond the scope of this specification,
>> > >>> any
>> > >>
>> > >>>   error codes defined for use with OAuth resource access methods
>> > >>> MUST
>> > >>
>> > >>>   be registered (following the procedures in Section 11.4).
>> > >>
>> > >>>
>> > >>
>> > >>>
>> > >>
>> > >> 2602,2603c2624,2626
>> > >>
>> > >> <    (Section 4.2.2.1), or the token error response (Section 5.2), such
>> > >>
>> > >> <    error codes MAY be defined.
>> > >>
>> > >> ---
>> > >>
>> > >>>   (Section 4.2.2.1), the token error response (Section 5.2), or
>> > >>> the
>> > >>
>> > >>>   resource access error response (Section 7.2), such error codes
>> > >>> MAY be
>> > >>
>> > >>>   defined.
>> > >>
>> > >> 3444c3484,3485
>> > >>
>> > >> <       (Section 4.2.2.1), or token error response (Section 5.2).
>> > >>
>> > >> ---
>> > >>
>> > >>>      (Section 4.2.2.1), token error response (Section 5.2), or
>> > >>> resource
>> > >>
>> > >>>      access error response (Section 7.2).
>> > >>
>> > >> 3596a3554,3557
>> > >>
>> > >>>   [USASCII]  American National Standards Institute, "Coded
>> > >>> Character
>> > >>
>> > >>>              Set -- 7-bit American Standard Code for Information
>> > >>
>> > >>>              Interchange", ANSI X3.4, 1986.
>> > >>
>> > >>>
>> > >>
>> > >> 3611,3612c3572,3573
>> > >>
>> > >> <               OAuth 2.0", draft-ietf-oauth-saml2-bearer-08 (work in
>> > >>
>> > >> <               progress), August 2011.
>> > >>
>> > >> ---
>> > >>
>> > >>>              OAuth 2.0", draft-ietf-oauth-saml2-bearer-12 (work in
>> > >>
>> > >>>              progress), May 2012.
>> > >>
>> > >> 3616,3617c3577,3579
>> > >>
>> > >> <               Protocol: Bearer Tokens", draft-ietf-oauth-v2-bearer-08
>> > >>
>> > >> <               (work in progress), July 2011.
>> > >>
>> > >> ---
>> > >>
>> > >>>              Authorization Protocol: Bearer Tokens",
>> > >>
>> > >>>              draft-ietf-oauth-v2-bearer-19 (work in progress),
>> > >>
>> > >>>              April 2012.
>> > >>
>> > >> 3620,3623c3589,3591
>> > >>
>> > >> <               Hammer-Lahav, E., Barth, A., and B. Adida, "HTTP
>> > >>
>> > >> <               Authentication: MAC Access Authentication",
>> > >>
>> > >> <               draft-ietf-oauth-v2-http-mac-00 (work in progress),
>> > >>
>> > >> <               May 2011.
>> > >>
>> > >> ---
>> > >>
>> > >>>              Hammer-Lahav, E., "HTTP Authentication: MAC Access
>> > >>
>> > >>>              Authentication", draft-ietf-oauth-v2-http-mac-01
>> > >>> (work in
>> > >>
>> > >>>              progress), February 2012.
>> > >>
>> > >> 3626c3594
>> > >>
>> > >> <               Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0
>> > >>
>> > >> ---
>> > >>
>> > >>>              McGloin, M., Hunt, P., and T. Lodderstedt, "OAuth 2.0
>> > >>
>> > >> 3628,3629c3596,3597
>> > >>
>> > >> <               draft-ietf-oauth-v2-threatmodel-00 (work in progress),
>> > >>
>> > >> <               July 2011.
>> > >>
>> > >> ---
>> > >>
>> > >>>              draft-ietf-oauth-v2-threatmodel-02 (work in
>> > >>> progress),
>> > >>
>> > >>>              February 2012.
>> > >>
>> > >> 3468,3546d3503
>> > >>
>> > >> <    Brian Eaton, Yaron Goland, Dick Hardt, and Allen Tom.
>> > >>
>> > >> 3639c3609,3639
>> > >>
>> > >>>   Brian Eaton, Yaron Y. Goland, Dick Hardt, and Allen Tom.
>> > >>
>> > >> 3468,3546d3503
>> > >>
>> > >> <    Yaron Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,
>> > >>
>> > >> 3644,3645c3644,3656
>> > >>
>> > >>>   Yaron Y. Goland, Brent Goldman, Kristoffer Gronowski, Justin
>> > >>> Hart,
>> > >>
>> > >> 3468,3546d3503
>> > >>
>> > >> <    This document was produced under the chairmanship of Blaine
>> Cook,
>> > >>
>> > >> <    Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba.  The area
>> > >>
>> > >> <    directors included Lisa Dusseault, Peter Saint-Andre, and Stephen
>> > >>
>> > >> <    Farrell.
>> > >>
>> > >> 3646a3658,3661
>> > >>
>> > >>>   This document was produced under the chairmanship of Blaine
>> > >>> Cook,
>> > >>
>> > >>>   Peter Saint-Andre, Hannes Tschofenig, Barry Leiba, and Derek Atkins.
>> > >>
>> > >>>   The area directors included Lisa Dusseault, Peter Saint-Andre,
>> > >>> and
>> > >>
>> > >>>   Stephen Farrell.
>> > >>
>> > >>
>> > >>
>> > >> -----Original Message-----
>> > >> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
>> > Behalf Of Hannes Tschofenig
>> > >> Sent: Wednesday, May 23, 2012 11:27 AM
>> > >> To: oauth@ietf.org WG
>> > >> Subject: [OAUTH-WG] Error Encoding: Conclusion
>> > >>
>> > >>
>> > >>
>> > >> Hi all,
>> > >>
>> > >>
>> > >>
>> > >> on May 10th we called for consensus on an open issue regarding the
>> > >> error
>> > encoding. Here is the link to the call:
>> > >>
>> > >> http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html
>> > >>
>> > >>
>> > >>
>> > >> Thank you all for the feedback. The conclusion of the consensus
>> > >> call was
>> > to harmonize the encoding between the two specifications by
>> > incorporating the restrictions from the bearer specification into the
>> > base specification. The error encoding will go into the core
>> > specification and the bearer specification will reference it.
>> > >>
>> > >>
>> > >>
>> > >> Ciao
>> > >>
>> > >> Hannes & Derek
>> > >>
>> > >>
>> > >>
>> > >> _______________________________________________
>> > >>
>> > >> OAuth mailing list
>> > >>
>> > >> OAuth@ietf.org
>> > >>
>> > >> https://www.ietf.org/mailman/listinfo/oauth
>> > >>
>> > >>
>> > >>
>> > >>
>> > >> _______________________________________________
>> > >> OAuth mailing list
>> > >> OAuth@ietf.org
>> > >> https://www.ietf.org/mailman/listinfo/oauth
>> > >>
>> > >>
>> > >> <draft-ietf-oauth-v2-26+mbj-2.xml><draft-ietf-oauth-v2-26+mbj-
>> > 2.txt><draft-ietf-oauth-v2-26+mbj-2.html>
>> > >
>> 
>> 
>
>_______________________________________________
>OAuth mailing list
>OAuth@ietf.org
>https://www.ietf.org/mailman/listinfo/oauth
>
>
>

v2.23.0 | Report a Bug | By Email