IETF Logo Mail Archive

Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec

Nat Sakimura <sakimura@gmail.com> Wed, 09 May 2012 22:59 UTC

Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F12A11E80D1 for <oauth@ietfa.amsl.com>; Wed, 9 May 2012 15:59:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level:
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KKxgmYvEqnoj for <oauth@ietfa.amsl.com>; Wed, 9 May 2012 15:59:33 -0700 (PDT)
Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id 5BC3611E8086 for <oauth@ietf.org>; Wed, 9 May 2012 15:59:33 -0700 (PDT)
Received: by bkty8 with SMTP id y8so859691bkt.31 for <oauth@ietf.org>; Wed, 09 May 2012 15:59:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=references:from:in-reply-to:mime-version:date:message-id:subject:to :cc:content-type; bh=YbgzlAu8RONvaq+s9ReorW/It2IYsmiqa7b7bHL0STY=; b=Ikf9HzwWl+tDcrbH+UxttC3kcoH6dcLcQYrYAQDNQrX8L3MgT0vI3GrTiSxV2Y6Eso vtkuENRgv2fkiPUHVTew/JJ+G+UzcrxadKT1hr69iO4OgSmzXFvElQPWdQpw0Bh5Ish6 0klymTI7wXJJ7gYL8t9qaT2Bg5IdA3iTFhAkvKqmH8nvRUDJgxwsP+jl4LM2yZG25QUE TvGK2Y+593NtQX9oAHZne5HvF7W2MmAyN135vcnpi4vUdOa3SnRoQazjL8Mr7RqxDCW8 HSwK03hG7Wo0t1Bs7Aln4r77hRYHOzPpe69PlKXWDoc957S05u7m+mKviaT/mwMo4je8 OHiw==
Received: by 10.204.151.200 with SMTP id d8mr769281bkw.82.1336604372288; Wed, 09 May 2012 15:59:32 -0700 (PDT)
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net> <4E1F6AAD24975D4BA5B1680429673943664CE2AE@TK5EX14MBXC283.redmond.corp.microsoft.com> <1336601896.10694.YahooMailNeo@web31807.mail.mud.yahoo.com>
From: Nat Sakimura <sakimura@gmail.com>
In-Reply-To: <1336601896.10694.YahooMailNeo@web31807.mail.mud.yahoo.com>
Mime-Version: 1.0 (1.0)
Date: Thu, 10 May 2012 00:59:35 +0200
Message-ID: <513620288134878108@unknownmsgid>
To: William Mills <wmills@yahoo-inc.com>
Content-Type: multipart/alternative; boundary="0015175cba84d0c67604bfa2741c"
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 22:59:34 -0000

+1 for the consistency.

Nat Sakimura

On 2012/05/10, at 0:18, William Mills <wmills@yahoo-inc.com> wrote:

+1

  ------------------------------
*From:* Mike Jones <Michael.Jones@microsoft.com>
*To:* Hannes Tschofenig <hannes.tschofenig@gmx.net>; "oauth@ietf.org WG" <
oauth@ietf.org>
*Sent:* Wednesday, May 9, 2012 3:15 PM
*Subject:* Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer
Spec

2) Consistent syntax across both OAuth specs.

                -- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of
Hannes Tschofenig
Sent: Wednesday, May 09, 2012 3:07 PM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec

Hi all,

another issue that came up in Sean's IESG review was about the encoding of
the error / error_description / error_uri in the base and in the bearer
specification.

As mentioned in my earlier mail about the registry for the error codes
there are three error fields defined in the two specification and the error
/ error_description / error_uri fields are allowed to appear in different
parts of an HTTP message.
Depending on where they show up different encoding restrictions apply.

For the core specification these error fields may appear in the
* body of the HTTP message (encoded in JSON)
* parameters to the query component of the redirection URI (using the
  "application/x-www-form-urlencoded" format)

For the bearer specification these error fields appear in the HTTP header.
Consequently, http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19 says
'values for the "error" and "error_description" attributes MUST NOT include
characters outside the set %x20-21 / %x23-5B / %x5D-7E.'

Now, here is the question. While these errors are essentially copied over
from one spec to the other the different encoding restrictions make them
different. Do we want different encodings of errors in the two documents?

So, I see two options:

1) Leave the encoding as it is. This means the encoding of the error /
error_description / error_uri in the two specifications is different.

2) Harmonize the encoding between the two specifications by incorporating
the restrictions from the bearer specification into the base specification.

Please indicate your preference by the end of next week (18th May 2012).

Ciao
Hannes

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


  _______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email