Re: [OAUTH-WG] HTTP responses

Werner Strydom <werners@bloudraak.com> Wed, 28 March 2012 03:33 UTC

From: Werner Strydom <werners@bloudraak.com>
In-Reply-To: <4008FD89-8DCA-414E-A92D-97EB377BEAA5@mitre.org>
Date: Tue, 27 Mar 2012 20:28:05 -0700
Message-Id: <792D4CD7-4F56-4F4D-8450-D02A875583A1@bloudraak.com>
References: <D283E4FA-2F01-4E3A-9B2A-64AC89DAF7B8@bloudraak.com> <4008FD89-8DCA-414E-A92D-97EB377BEAA5@mitre.org>
To: "Richer, Justin P." <jricher@mitre.org>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>

Justin,

I had a quick look.

You may want to include "text/xml" as a valid XML media type since it is widely used. Additional things to consider include using XML Schema (XSD) to describe the XML documents. It may also be useful to investigate whether one should use XML namespaces or custom media types to differentiate OAuth 2.0 responses from other XML documents.

For example, I'm writing a REST service which returns HTTP status 400 when invalid data was passed. The resulting document is in "text/xml" format yet conforms to a very different schema than the proposed OAuth xml documents. How do we make this really simple for clients to know what is coming down the line?

This makes one wonder why the standard proposes we should return 400 when in reality it should return 403 (Forbidden) when you are not authorized.

Thanks,
Werner
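As an added illustration of the client-side problem Werner raises (this is not code from the thread or from the XML draft it discusses): a client that decides what a 4xx XML body is by its media type and its root element's namespace, rather than assuming every 400 from an OAuth-protected service is an OAuth error document. The OAuth namespace, element names and both sample documents are assumed placeholders, not values from any specification.

```python
import xml.etree.ElementTree as ET

# Assumed namespace for OAuth 2.0 XML error documents; the draft under
# discussion does not define one, this value only demonstrates dispatch.
OAUTH_ERROR_NS = "urn:example:oauth:2.0:error"

# Both "application/xml" and "text/xml" are accepted, as suggested in the thread.
XML_MEDIA_TYPES = {"application/xml", "text/xml"}

# Constructed sample bodies: one hypothetical OAuth error document and one
# unrelated validation-error document that also arrives as text/xml with 400.
OAUTH_DOC = (
    b'<error_response xmlns="urn:example:oauth:2.0:error">'
    b"<error>invalid_request</error>"
    b"<error_description>missing client_id</error_description>"
    b"</error_response>"
)
SERVICE_DOC = (
    b'<validationErrors xmlns="urn:example:myservice">'
    b'<field name="email">not a valid address</field>'
    b"</validationErrors>"
)


def media_type(content_type):
    """Return the bare media type, dropping parameters such as charset."""
    return content_type.split(";", 1)[0].strip().lower()


def classify_error_body(status, content_type, body):
    """Classify a response body as (kind, detail) using status, media type
    and the root element's namespace. Only 4xx bodies are inspected."""
    if not 400 <= status < 500:
        return ("not_error", None)
    if media_type(content_type) not in XML_MEDIA_TYPES:
        return ("non_xml", None)
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return ("malformed_xml", None)
    # ElementTree spells a namespaced tag as "{namespace}localname".
    ns, _, local = root.tag.rpartition("}")
    ns = ns.lstrip("{")
    if ns == OAUTH_ERROR_NS and local == "error_response":
        # Assumed child element carrying the OAuth error code.
        return ("oauth_error", root.findtext(f"{{{OAUTH_ERROR_NS}}}error"))
    # Some other schema: report the qualified root so the caller can route it.
    return ("other_xml", root.tag)
```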