Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10

William Mills <wmills@yahoo-inc.com> Thu, 20 October 2011 15:36 UTC

Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85CCC21F8C71 for <oauth@ietfa.amsl.com>; Thu, 20 Oct 2011 08:36:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.398
X-Spam-Level:
X-Spam-Status: No, score=-17.398 tagged_above=-999 required=5 tests=[AWL=0.200, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qPm2Yp3GlRMf for <oauth@ietfa.amsl.com>; Thu, 20 Oct 2011 08:36:30 -0700 (PDT)
Received: from nm32-vm3.bullet.mail.ne1.yahoo.com (nm32-vm3.bullet.mail.ne1.yahoo.com [98.138.229.51]) by ietfa.amsl.com (Postfix) with SMTP id 902EE21F8C6E for <oauth@ietf.org>; Thu, 20 Oct 2011 08:36:30 -0700 (PDT)
Received: from [98.138.90.51] by nm32.bullet.mail.ne1.yahoo.com with NNFMP; 20 Oct 2011 15:36:22 -0000
Received: from [98.138.87.7] by tm4.bullet.mail.ne1.yahoo.com with NNFMP; 20 Oct 2011 15:36:22 -0000
Received: from [127.0.0.1] by omp1007.mail.ne1.yahoo.com with NNFMP; 20 Oct 2011 15:36:22 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 766531.86338.bm@omp1007.mail.ne1.yahoo.com
Received: (qmail 80873 invoked by uid 60001); 20 Oct 2011 15:36:22 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1319124982; bh=AC8aGze6BwvTVIALVaW5RJoSjL1qvuWNYjWDSBfOdac=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=hyIJ9Ih90Z5/jY5MTKyL+5P7ialhgVqhrlhmz2fiX+apG7S+v6f0JoeKNjSASJIqrHlq8/wp778JgPV85yJe8+UzDcGttX3Au4+HJJZUndshbEAhLyhrC15eHG8vRxl7oh89dL2K/dSP/Mm4F03JbE4YXtevKjuEd+xjbQaSBRo=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=egxMfxPK1D1Exl7EY1rAN97Y7vRZnQXCHCuIcK12jPWJmaTRlo+A7tHCygRUzjitqZNndUdz6KYPjakSkNx2F1ziRnoTC0jhi9hryizuP503mKiOH6q/9jYWF5630JIHwW3s8dAT/lM8bFAAfeOMLnnJtEq5k60RFOuURoHMsD8=;
X-YMail-OSG: CgIUH6IVM1k8I3IHVtk9TFw0skCxJRBmxUiqZGKWXJHYld7 S.Z.nxzP4y02mikf6wkqZGaxqbeVZN_RbhJdqSuZJvAUJezWYjlxuSP2komu Ixt4fMYPd6jDEe4qhZOMDfiISnC9dKx0O7i90l0QIYE2RZVcwhBAHqDQYsXR Xs3IGLy3hQK0xiteqJ61TQrRRiqyVxl9x_5qTvWbTtcLVjhRFSQU7aJ5pZyq nAGKMlX2FX5EAvYD1SV4EwD5Xzz.kr.fhqAJMOZF3tYT9tt5V2dgnN1irCWj 9iMC2q4PDIhJ5_1kYesMmCfin_KZjXDt6KOnW_d8Y4FHBZJk5Fw3YJHTzkMw JfCi5PRvYk8Za8KZsuF.ifs2MDQy7Hda_gjtgAK7GmAnanX7F6hGnmTF8UUT JDqOiBjhvf9Q-
Received: from [99.31.212.42] by web31812.mail.mud.yahoo.com via HTTP; Thu, 20 Oct 2011 08:36:22 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.115.325013
References: <4E1F6AAD24975D4BA5B16804296739435C24B1CA@TK5EX14MBXC283.redmond.corp.microsoft.com> <4E9FC9FA.8030001@gmx.de> <4E1F6AAD24975D4BA5B16804296739435C24CAE6@TK5EX14MBXC283.redmond.corp.microsoft.com> <4E9FCFA4.7050706@gmx.de>
Message-ID: <1319124982.70621.YahooMailNeo@web31812.mail.mud.yahoo.com>
Date: Thu, 20 Oct 2011 08:36:22 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: Julian Reschke <julian.reschke@gmx.de>, Mike Jones <Michael.Jones@microsoft.com>
In-Reply-To: <4E9FCFA4.7050706@gmx.de>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1663701383-1319124982=:70621"
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2011 15:36:31 -0000

Shouldn't the scope definition here refer to the scope definition in the core spec?



________________________________
From: Julian Reschke <julian.reschke@gmx.de>
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Sent: Thursday, October 20, 2011 12:37 AM
Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10

On 2011-10-20 09:14, Mike Jones wrote:
> Can you recommend specific wording changes to address both issues?


2.2: "The entity-body is encoded using the "application/x-www-form-urlencoded" media type (Section 17.13.4 of [W3C.REC-html401-19991224]), applied to the UTF-8 [RFC3629] encoded forms of the parameter values."

Note 1: HTML4 ignores the encoding issue; this is a case where a reference to HTML5 would actually help in practice.

Note 2: I prefer refs in the form of [REC-html] or [HTML] rather than [W3C.REC-html401-19991224]...


2.4: As stated earlier, just define all those parameters to be "token / quoted-string", and then constrain the values further separately, such as:

"The value of the scope parameter, after potential quoted-string unquoting, contains a set of single-SP delimited scope values." Each scope value is restricted to

  scope-val-char  = %x21 / %x23-5B / %x5D-7E
  ; HTTPbis P1 qdtext except whitespace, restricted to US-ASCII
"

etc.

Best regards, Julian
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth