Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10
Mike Jones <Michael.Jones@microsoft.com> Thu, 20 October 2011 07:41 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7865D21F8ACC for <oauth@ietfa.amsl.com>; Thu, 20 Oct 2011 00:41:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.079
X-Spam-Level:
X-Spam-Status: No, score=-10.079 tagged_above=-999 required=5 tests=[AWL=0.520, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ra6lIfHxqnlP for <oauth@ietfa.amsl.com>; Thu, 20 Oct 2011 00:41:36 -0700 (PDT)
Received: from smtp.microsoft.com (mailc.microsoft.com [131.107.115.214]) by ietfa.amsl.com (Postfix) with ESMTP id 05E9221F84D7 for <oauth@ietf.org>; Thu, 20 Oct 2011 00:41:36 -0700 (PDT)
Received: from TK5EX14HUBC104.redmond.corp.microsoft.com (157.54.80.25) by TK5-EXGWY-E803.partners.extranet.microsoft.com (10.251.56.169) with Microsoft SMTP Server (TLS) id 8.2.176.0; Thu, 20 Oct 2011 00:41:35 -0700
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.243]) by TK5EX14HUBC104.redmond.corp.microsoft.com ([157.54.80.25]) with mapi id 14.01.0339.002; Thu, 20 Oct 2011 00:41:35 -0700
From: Mike Jones <Michael.Jones@microsoft.com>
To: Julian Reschke <julian.reschke@gmx.de>
Thread-Topic: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10
Thread-Index: AcyOuBvrce+R9JZJS5GdKjqOZuv3GwAekJcAAA6gPVD//5G+AIAAdPAw
Date: Thu, 20 Oct 2011 07:41:34 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739435C24CBB6@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739435C24B1CA@TK5EX14MBXC283.redmond.corp.microsoft.com> <4E9FC9FA.8030001@gmx.de> <4E1F6AAD24975D4BA5B16804296739435C24CAE6@TK5EX14MBXC283.redmond.corp.microsoft.com> <4E9FCFA4.7050706@gmx.de>
In-Reply-To: <4E9FCFA4.7050706@gmx.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.32]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2011 07:41:36 -0000
Your proposed wording for 2.4 misses the point: \ MUST NOT occur at all in the input string. No quoting may occur. Care to suggest other wording that recognizes this point but still addresses the issue you raise? -- Mike -----Original Message----- From: Julian Reschke [mailto:julian.reschke@gmx.de] Sent: Thursday, October 20, 2011 12:37 AM To: Mike Jones Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10 On 2011-10-20 09:14, Mike Jones wrote: > Can you recommend specific wording changes to address both issues? 2.2: "The entity-body is encoded using the "application/x-www-form-urlencoded" media type (Section 17.13.4 of [W3C.REC-html401-19991224]), applied to the UTF-8 [RFC3629] encoded forms of the parameter values." Note 1: HTML4 ignores the encoding issue; this is a case where a reference to HTML5 would actually help in practice. Note 2: I prefer refs in the form of [REC-html] or [HTML] rather than [W3C.REC-html401-19991224]... 2.4: As stated earlier, just define all those parameters to be "token / quoted-string", and then constrain the values further separately, such as: "The value of the scope parameter, after potential quoted-string unquoting, contains a set of single-SP delimited scope values." Each scope value is restricted to scope-val-char = %x21 / %x23-5B / %x5D-7E ; HTTPbis P1 qdtext except whitespace, restricted to US-ASCII " etc. Best regards, Julian
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Julian Reschke
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Julian Reschke
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Julian Reschke
- [OAUTH-WG] choice of credentials syntax, was: OAu… Julian Reschke
- [OAUTH-WG] OAuth 2.0 Bearer Token Specification D… Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Julian Reschke
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… William Mills
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Julian Reschke
- Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specificati… Mike Jones