[OAUTH-WG] -11

Eran Hammer-Lahav <eran@hueniverse.com> Wed, 01 December 2010 07:10 UTC

I didn't get to finish the editorial changes I want to make so I pushed the incomplete but stable draft out as -11. This includes all the normative language changes the group agreed on, as well as all the feedback I had for -10. The remaining editorial work should not change any implementation details. It will just impact the document organization.

Changes in -11 include:

   -11

   o  Many editorial changes.  Fixed user authorization section
      structure.  Removed unused normative references.  Adjusted
      language regarding single use of authorization codes.

   o  Fixed header ABNF.

   o  Change access token description from shared symmetric secret to
      password.

   o  Moved access grant 'none' to a separate section, renamed to
      'client_credentials'.

   o  Demoted the HTTP status code requirement from MUST to SHOULD in
      protected resource response error.

   o  Removed 'expired_token' error code.

   o  Moved all the 'code_and_token' parameter to the fragment (from
      code being in the query).

   o  Removed 'assertion_type' parameter (moved to 'grant_type').

   o  Added note about redirecting to invalid redirection URIs (open
      redirectors).

   o  Removed bearer token section, added new required 'token_type'
      parameter with extensibility.

   o  'error-uri' parameter value changed to absolute URI.

   o  OAuth 2.0 HTTP authentication scheme name changed to 'OAuth2'.

   o  Dropped the 'WWW-Authenticate' header field 'realm' parameter.

   o  Removed definition of access token characters.

   o  Added instructions for dealing with error and an invalid
      redirection URI.

Please provide feedback and review the document fully, even with the pending editorial changes. IOW, please consider this document the final draft (pre-WG last call) for all normative/implementation language.

EHL