Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10
Mike Jones <Michael.Jones@microsoft.com> Thu, 20 October 2011 18:38 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E91721F8BBE for <oauth@ietfa.amsl.com>; Thu, 20 Oct 2011 11:38:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.115
X-Spam-Level:
X-Spam-Status: No, score=-10.115 tagged_above=-999 required=5 tests=[AWL=0.483, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZhXvPBkmfAjB for <oauth@ietfa.amsl.com>; Thu, 20 Oct 2011 11:38:49 -0700 (PDT)
Received: from smtp.microsoft.com (mailb.microsoft.com [131.107.115.215]) by ietfa.amsl.com (Postfix) with ESMTP id 7821C21F8BBA for <oauth@ietf.org>; Thu, 20 Oct 2011 11:38:49 -0700 (PDT)
Received: from TK5EX14HUBC105.redmond.corp.microsoft.com (157.54.80.48) by TK5-EXGWY-E802.partners.extranet.microsoft.com (10.251.56.168) with Microsoft SMTP Server (TLS) id 8.2.176.0; Thu, 20 Oct 2011 11:38:49 -0700
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.243]) by TK5EX14HUBC105.redmond.corp.microsoft.com ([157.54.80.48]) with mapi id 14.01.0339.002; Thu, 20 Oct 2011 11:38:48 -0700
From: Mike Jones <Michael.Jones@microsoft.com>
To: William Mills <wmills@yahoo-inc.com>, Julian Reschke <julian.reschke@gmx.de>
Thread-Topic: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10
Thread-Index: AcyOuBvrce+R9JZJS5GdKjqOZuv3GwAekJcAAA6gPVD//5G+AIAAheYAgABEsFA=
Date: Thu, 20 Oct 2011 18:38:48 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739435C24D8F2@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739435C24B1CA@TK5EX14MBXC283.redmond.corp.microsoft.com> <4E9FC9FA.8030001@gmx.de> <4E1F6AAD24975D4BA5B16804296739435C24CAE6@TK5EX14MBXC283.redmond.corp.microsoft.com> <4E9FCFA4.7050706@gmx.de> <1319124982.70621.YahooMailNeo@web31812.mail.mud.yahoo.com>
In-Reply-To: <1319124982.70621.YahooMailNeo@web31812.mail.mud.yahoo.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.36]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739435C24D8F2TK5EX14MBXC283r_"
MIME-Version: 1.0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2011 18:38:50 -0000
That would make sense once issue 27 is incorporated into the core spec.
-- Mike
From: William Mills [mailto:wmills@yahoo-inc.com]
Sent: Thursday, October 20, 2011 8:36 AM
To: Julian Reschke; Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10
Shouldn't the scope definition here refer to the scope definition in the core spec?
________________________________
From: Julian Reschke <julian.reschke@gmx.de<mailto:julian.reschke@gmx.de>>
To: Mike Jones <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>
Cc: "oauth@ietf.org<mailto:oauth@ietf.org>" <oauth@ietf.org<mailto:oauth@ietf.org>>
Sent: Thursday, October 20, 2011 12:37 AM
Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10
On 2011-10-20 09:14, Mike Jones wrote:
> Can you recommend specific wording changes to address both issues?
2.2: "The entity-body is encoded using the "application/x-www-form-urlencoded" media type (Section 17.13.4 of [W3C.REC-html401-19991224]), applied to the UTF-8 [RFC3629] encoded forms of the parameter values."
Note 1: HTML4 ignores the encoding issue; this is a case where a reference to HTML5 would actually help in practice.
Note 2: I prefer refs in the form of [REC-html] or [HTML] rather than [W3C.REC-html401-19991224]...
2.4: As stated earlier, just define all those parameters to be "token / quoted-string", and then constrain the values further separately, such as:
"The value of the scope parameter, after potential quoted-string unquoting, contains a set of single-SP delimited scope values." Each scope value is restricted to
scope-val-char = %x21 / %x23-5B / %x5D-7E
; HTTPbis P1 qdtext except whitespace, restricted to US-ASCII
"
etc.
Best regards, Julian
_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Julian Reschke
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Julian Reschke
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Julian Reschke
- [OAUTH-WG] choice of credentials syntax, was: OAu… Julian Reschke
- [OAUTH-WG] OAuth 2.0 Bearer Token Specification D… Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Julian Reschke
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… William Mills
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Julian Reschke
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Mike Jones