Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt
Eran Hammer-Lahav <eran@hueniverse.com> Fri, 21 January 2011 05:39 UTC
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 13D523A68B3 for <oauth@core3.amsl.com>; Thu, 20 Jan 2011 21:39:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.563
X-Spam-Level:
X-Spam-Status: No, score=-2.563 tagged_above=-999 required=5 tests=[AWL=0.036, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yhWQhOX30XsH for <oauth@core3.amsl.com>; Thu, 20 Jan 2011 21:39:12 -0800 (PST)
Received: from p3plex1out01.prod.phx3.secureserver.net (p3plex1out01.prod.phx3.secureserver.net [72.167.180.17]) by core3.amsl.com (Postfix) with SMTP id F0CAC3A68BA for <oauth@ietf.org>; Thu, 20 Jan 2011 21:39:11 -0800 (PST)
Received: (qmail 600 invoked from network); 21 Jan 2011 05:41:56 -0000
Received: from unknown (HELO smtp.ex1.secureserver.net) (72.167.180.20) by p3plex1out01.prod.phx3.secureserver.net with SMTP; 21 Jan 2011 05:41:56 -0000
Received: from P3PW5EX1MB01.EX1.SECURESERVER.NET ([10.6.135.19]) by P3PW5EX1HT002.EX1.SECURESERVER.NET ([72.167.180.20]) with mapi; Thu, 20 Jan 2011 22:41:56 -0700
From: Eran Hammer-Lahav <eran@hueniverse.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Date: Thu, 20 Jan 2011 22:41:48 -0700
Thread-Topic: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt
Thread-Index: Acu5BNSqQ9Z1WAYcQz6B5nxMzQt51AAAHbFwAAobE7A=
Message-ID: <90C41DD21FB7C64BB94121FBBC2E723445A8D61CBA@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <20110121004501.28103.96097.idtracker@localhost> <90C41DD21FB7C64BB94121FBBC2E723445A8D61C8E@P3PW5EX1MB01.EX1.SECURESERVER.NET>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E723445A8D61C8E@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Jan 2011 05:39:13 -0000
Forgot to mention that I don't have any outstanding comments in my queue so if your feedback was not incorporated into -12, and you feel strongly about it, bring it up again. EHL > -----Original Message----- > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf > Of Eran Hammer-Lahav > Sent: Thursday, January 20, 2011 4:57 PM > To: oauth@ietf.org > Subject: Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt > > Draft -12 is finally out. > > This is almost a complete rewrite of the entire document, with the primary > goal of moving it back to a similar structure used in -05. I have been thinking > about this for a few months and finally came up with a structure that > combines the two approaches. > > The draft includes some major cleanups, significantly simpler language, > reduces repeated prose, and tried to keep prose to the introduction and > normative language in the rest of the specification. I took out sections that > broke the flow, and did my best to give this a linear narrative that is easy to > follow. > > The draft includes the following normative changes: > > o Clarified 'token_type' as case insensitive. > o Authorization endpoint requires TLS when an access token is issued. > o Removed client assertion credentials, mandatory HTTP Basic > authentication support for client credentials, WWW-Authenticate header, > and the OAuth2 authentication scheme. > o Changed implicit grant (aka user-agent flow) error response from query > to fragment. > o Removed the 'redirect_uri_mismatch' error code since in such a case, the > authorization server must not send the error back to the client. > o Defined access token type registry. > > I would like to spend the coming week receiving and applying feedback > before requesting a WGLC for everything but the security considerations > section (missing) 2/1. > > EHL > > > > > -----Original Message----- > > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf > > Of Internet-Drafts@ietf.org > > Sent: Thursday, January 20, 2011 4:45 PM > > To: i-d-announce@ietf.org > > Cc: oauth@ietf.org > > Subject: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt > > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > > This draft is a work item of the Open Authentication Protocol Working > > Group of the IETF. > > > > > > Title : The OAuth 2.0 Authorization Protocol > > Author(s) : E. Hammer-Lahav, et al. > > Filename : draft-ietf-oauth-v2-12.txt > > Pages : 46 > > Date : 2011-01-20 > > > > This specification describes the OAuth 2.0 authorization protocol. > > > > A URL for this Internet-Draft is: > > http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-12.txt > > > > Internet-Drafts are also available by anonymous FTP at: > > ftp://ftp.ietf.org/internet-drafts/ > > > > Below is the data which will enable a MIME compliant mail reader > > implementation to automatically retrieve the ASCII version of the > > Internet- Draft. > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt Internet-Drafts
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Mike Jones
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Mike Jones
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Anthony Nadalin
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Marius Scurtescu
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Justin Richer
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Justin Richer
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… William Mills
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Skylar Woodward
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Marius Scurtescu
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Marius Scurtescu
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Marius Scurtescu
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… William Mills
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… William Mills
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Richer, Justin P.