[OAUTH-WG] Section 2.1 Client Password Credentials missing normative form
Andrew Arnott <andrewarnott@gmail.com> Sun, 18 July 2010 05:13 UTC
Return-Path: <andrewarnott@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 58EF03A68E9 for <oauth@core3.amsl.com>; Sat, 17 Jul 2010 22:13:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.917
X-Spam-Level:
X-Spam-Status: No, score=-1.917 tagged_above=-999 required=5 tests=[AWL=0.681, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fT5oSZcF6-t2 for <oauth@core3.amsl.com>; Sat, 17 Jul 2010 22:13:00 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by core3.amsl.com (Postfix) with ESMTP id 622A13A68DA for <oauth@ietf.org>; Sat, 17 Jul 2010 22:13:00 -0700 (PDT)
Received: by iwn38 with SMTP id 38so3821856iwn.31 for <oauth@ietf.org>; Sat, 17 Jul 2010 22:13:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=6GwoRh9CaNeBPAKNY9ETYqyGiBr8Q7/T7kI0A7EnaM0=; b=Wlg/BuGZhi158ZaBCqFzDGxNZMFB00lfgDKXzAVsDoKVNIplWaMROD2wSlPzcJofWj wx4mfAeStiIrqO/tsVmfMxZd+FedG9GpxJXTzYn5T0O3EuqgGiADEXPjiIjkapTZBj6q lmuOTgqCyPjm93otXXhczG2FLtIDD9iJCRlP0=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=f0TFIIpggJMP5/3+oPv7aZCkB3sdcVGSktxzYnFUCZdffkUaQlnnytUUxtq2WSUuyX SlMg5bjUXfn7ifYSw9xE7vWjpkzNhsiFCBhf/mc1Pw3hhQ2sm5HrvrKdJfifXlnOp7jU hqaA9bk2x28XppWSCYvqpcJjABp3TapkF4dBk=
MIME-Version: 1.0
Received: by 10.231.119.229 with SMTP id a37mr2724035ibr.169.1279429993320; Sat, 17 Jul 2010 22:13:13 -0700 (PDT)
Received: by 10.231.154.199 with HTTP; Sat, 17 Jul 2010 22:13:13 -0700 (PDT)
Date: Sat, 17 Jul 2010 22:13:13 -0700
Message-ID: <AANLkTi=Kj6gY3i5jNHOn_UY5z4WT+dLNY3scxsaGCG2s@mail.gmail.com>
From: Andrew Arnott <andrewarnott@gmail.com>
To: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="001636920ccf444fec048ba2829f"
Subject: [OAUTH-WG] Section 2.1 Client Password Credentials missing normative form
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Jul 2010 05:13:02 -0000
Section 2.1 of draft 10 lacks a normative form definition of the client_id parameter. It appears only in the example, which itself contains parts not discussed until later in the spec, which some may find confusing. It is also not clear (to me) whether client_id must appear in the POST entity when it appears in the HTTP Basic authorization header since there is no discussion of it. -- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre
- [OAUTH-WG] Section 2.1 Client Password Credential… Andrew Arnott