Re: [OAUTH-WG] Bearer token DISCUSS items related to errors

Eran Hammer <eran@hueniverse.com> Thu, 10 May 2012 02:20 UTC

From: Eran Hammer <eran@hueniverse.com>
To: Eran Hammer <eran@hueniverse.com>, Peter Saint-Andre <stpeter@stpeter.im>
Date: Thu, 10 May 2012 02:20:15 +0000
Cc: "Barry Leiba (barryleiba@computer.org)" <barryleiba@computer.org>, "oauth@ietf.org WG (oauth@ietf.org)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Bearer token DISCUSS items related to errors

On 4/10/12 8:25 PM, Mike Jones wrote:

---
About your issue 2:  Investigating the OAuth Errors Registry a bit further (see http://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-11.4.1) while I'd like to be able to register the OAuth Bearer errors in this registry, what I believe to be a defect in the errors registry text currently prevents this.  Specifically, the registry enumerates only three "Error usage location" values:  authorization code grant error response, implicit grant error response, and token error response.  To be able to use this registry, it would also have to have a fourth usage location:  "resource access error response".  If you'd like to file an issue against the OAuth Core spec to get this additional usage location added to the registry, then I'd be glad to use it.  I believe that this would be significantly preferable to adding a separate OAuth Bearer errors registry that's exactly like the general-purpose one, only separate from it.
---

This doesn't sound like an editor reflecting working group consensus...

The design committee concluded its work mid-May 2011. Draft -16 reflected the changes proposed by the committee.

Barry's notes at the conclusion of the design committee 5/17/11:

> #10, error registry:
> Marc, Julian, PSA commented on Eran's post to httpbis list.
> No objection, no strong opinion, not sure it's needed.  Separate 
> header better than using error codes.
> PROPOSAL: Bearer doc specifies how it handles error conditions, and 
> there is no registry now.  A future doc that uses Bearer as a base can 
> create a registry if needed.  Agreement on the call with this.

So the actual feedback was that the error parameter wasn't necessarily the best choice for returning an error in the first place, that it was not necessarily the right general purpose mechanism, but that no harm was done by allowing bearer to keep it and try it out. The intention was clearly to leave things be and see how people are using it. Then if someone actually wants to extend it (at the time we had no use cases for extending bearer error codes), they can create the registry.

Bottom line: this exact issue was intensely debated and reached a conclusion after 3 months of debates. The chair made a clear consensus call. The issue was closed until Mike Jones declared it a "defect in the errors registry text" without providing much context. When I provided this context to Sean Turner, he closed the same issue raised against the core specification in his discuss.

EH

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Eran Hammer
> Sent: Wednesday, May 09, 2012 6:42 PM
> To: Peter Saint-Andre
> Cc: oauth@ietf.org WG (oauth@ietf.org)
> Subject: Re: [OAUTH-WG] Bearer token DISCUSS items related to errors
> 
> I'm just looking at the parts copied to the list and in the tracker. I haven't
> actually seen much response coming from Russ. I did reach out to him
> directly to see if the discuss can be resolved without further action.
> 
> EH
> 
> > -----Original Message-----
> > From: Peter Saint-Andre [mailto:stpeter@stpeter.im]
> > Sent: Wednesday, May 09, 2012 6:38 PM
> > To: Eran Hammer
> > Cc: oauth@ietf.org WG (oauth@ietf.org)
> > Subject: Re: [OAUTH-WG] Bearer token DISCUSS items related to errors
> >
> > On 5/9/12 6:17 PM, Eran Hammer wrote:
> >
> > > All Russ was asking for is an explanation. Instead, he was told
> > > there was no good reason and that it should be changed. That was
> > > clearly not an honest representation of clear working group
> > > consensus from over 10 months ago which was achieved at great effort.
> >
> > Was it presented this way in the proto write-up or verbally on an IESG
> > telechat or in some other way? Just curious to figure out where things
> > went awry here...
> >
> > Peter
> >
> > --
> > Peter Saint-Andre
> > https://stpeter.im/
> >
> 