Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt

Eran Hammer-Lahav <eran@hueniverse.com> Fri, 21 January 2011 05:39 UTC

Forgot to mention that I don't have any outstanding comments in my queue so if your feedback was not incorporated into -12, and you feel strongly about it, bring it up again.

EHL

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Eran Hammer-Lahav
> Sent: Thursday, January 20, 2011 4:57 PM
> To: oauth@ietf.org
> Subject: Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt
> 
> Draft -12 is finally out.
> 
> This is almost a complete rewrite of the entire document, with the primary
> goal of moving it back to a similar structure used in -05. I have been thinking
> about this for a few months and finally came up with a structure that
> combines the two approaches.
> 
> The draft includes some major cleanups and significantly simpler language,
> reduces repeated prose, and tries to keep prose to the introduction and
> normative language in the rest of the specification. I took out sections that
> broke the flow, and did my best to give this a linear narrative that is easy to
> follow.
> 
> The draft includes the following normative changes:
> 
>    o  Clarified 'token_type' as case insensitive.
>    o  Authorization endpoint requires TLS when an access token is issued.
>    o  Removed client assertion credentials, mandatory HTTP Basic
>       authentication support for client credentials, WWW-Authenticate
>       header, and the OAuth2 authentication scheme.
>    o  Changed implicit grant (aka user-agent flow) error response from
>       query to fragment.
>    o  Removed the 'redirect_uri_mismatch' error code since in such a case,
>       the authorization server must not send the error back to the client.
>    o  Defined access token type registry.
> 
> I would like to spend the coming week receiving and applying feedback
> before requesting a WGLC for everything but the security considerations
> section (missing) 2/1.
> 
> EHL
> 
> 
> 
> > -----Original Message-----
> > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> > Of Internet-Drafts@ietf.org
> > Sent: Thursday, January 20, 2011 4:45 PM
> > To: i-d-announce@ietf.org
> > Cc: oauth@ietf.org
> > Subject: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> > directories.
> > This draft is a work item of the Open Authentication Protocol Working
> > Group of the IETF.
> >
> >
> > 	Title           : The OAuth 2.0 Authorization Protocol
> > 	Author(s)       : E. Hammer-Lahav, et al.
> > 	Filename        : draft-ietf-oauth-v2-12.txt
> > 	Pages           : 46
> > 	Date            : 2011-01-20
> >
> > This specification describes the OAuth 2.0 authorization protocol.
> >
> > A URL for this Internet-Draft is:
> > http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-12.txt
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > Below is the data which will enable a MIME compliant mail reader
> > implementation to automatically retrieve the ASCII version of the
> > Internet-Draft.
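
Added example, not part of the original message or of the draft: a sketch of how an authorization endpoint could apply three of the normative changes listed above (no error redirect on a redirect URI mismatch, implicit-grant errors in the fragment, case-insensitive 'token_type'). The function names, the exact-match comparison of redirect URIs, and the sample URIs and values are assumptions.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit


def authorization_error_response(response_type, redirect_uri, registered_uris, error):
    """Decide how an authorization endpoint reports `error`.

    Returns ("local", None) when the error must be shown to the resource
    owner and not sent to the client, or ("redirect", url) otherwise.
    """
    # A redirect URI that does not match a registered value is untrusted.
    # Redirecting to it, even only to report an error, would send the user
    # agent to an unverified endpoint, so the error stays on the server.
    # Assumption: matching is exact string comparison.
    if redirect_uri not in registered_uris:
        return ("local", None)

    params = urlencode({"error": error})
    parts = urlsplit(redirect_uri)

    if response_type == "token":
        # Implicit grant: parameters travel in the fragment, which the
        # user agent does not send to the server hosting the redirect URI.
        return ("redirect", urlunsplit(parts._replace(fragment=params)))

    # Other response types (assumed here to be the authorization code
    # grant): parameters go in the query, keeping any registered query.
    query = parts.query + "&" + params if parts.query else params
    return ("redirect", urlunsplit(parts._replace(query=query)))


def token_type_matches(received, expected):
    """Compare 'token_type' values without regard to case."""
    return received.lower() == expected.lower()


if __name__ == "__main__":
    # Constructed sample registration for a hypothetical client.
    registered = {"https://client.example/cb", "https://client.example/cb?app=1"}
    for rtype, uri in [
        ("token", "https://client.example/cb"),
        ("code", "https://client.example/cb?app=1"),
        ("code", "https://other.example/cb"),
    ]:
        print(rtype, uri, authorization_error_response(rtype, uri, registered, "access_denied"))
```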