IETF Logo Mail Archive

Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec

George Fletcher <gffletch@aol.com> Thu, 10 May 2012 01:37 UTC

Return-Path: <gffletch@aol.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D559911E80E4 for <oauth@ietfa.amsl.com>; Wed, 9 May 2012 18:37:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mYyPQA5kkRtJ for <oauth@ietfa.amsl.com>; Wed, 9 May 2012 18:37:28 -0700 (PDT)
Received: from imr-ma02.mx.aol.com (imr-ma02.mx.aol.com [64.12.206.40]) by ietfa.amsl.com (Postfix) with ESMTP id E95F811E80AA for <oauth@ietf.org>; Wed, 9 May 2012 18:37:27 -0700 (PDT)
Received: from mtaout-mb01.r1000.mx.aol.com (mtaout-mb01.r1000.mx.aol.com [172.29.41.65]) by imr-ma02.mx.aol.com (8.14.1/8.14.1) with ESMTP id q4A1bK6P015735; Wed, 9 May 2012 21:37:20 -0400
Received: from palantir.local (unknown [10.172.3.55]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mtaout-mb01.r1000.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id 21A2BE0000B4; Wed, 9 May 2012 21:37:20 -0400 (EDT)
Message-ID: <4FAB1BCD.1050804@aol.com>
Date: Wed, 09 May 2012 21:37:17 -0400
From: George Fletcher <gffletch@aol.com>
Organization: AOL LLC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net> <7D0AF372-75ED-48A2-A665-EB2B8B030C83@ve7jtb.com>
In-Reply-To: <7D0AF372-75ED-48A2-A665-EB2B8B030C83@ve7jtb.com>
Content-Type: multipart/alternative; boundary="------------080209030702090308060303"
x-aol-global-disposition: G
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com; s=20110426; t=1336613840; bh=dEib74jCDWaItkknRAfQjX21TBM8/4k7K6BpGbpNWf4=; h=From:To:Subject:Message-ID:Date:MIME-Version:Content-Type; b=yF0sRmhh4bssAp0EJks48Eh07TxRfYKbahiw32IvSV99lsGk0TCLpIDx7BIPmusNF 62CLTnMkUkmrGXAJXosva09fL0J++60IIXm5vnMFHKsTyZxciVlEwt4ZyaMZeSM5pP cAAiplQxJ9DIL1zhPah4hpDKJ6w1NRf+ABIZcknE=
X-AOL-SCOLL-SCORE: 0:2:469829760:93952408
X-AOL-SCOLL-URL_COUNT: 0
x-aol-sid: 3039ac1d29414fab1bd03a16
X-AOL-IP: 10.172.3.55
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2012 01:37:28 -0000

+1

On 5/9/12 6:27 PM, John Bradley wrote:
> Consistent syntax across bearer, core and MAC.
>
> That wasn't one of the options:)
>
> John B.
> On 2012-05-09, at 6:06 PM, Hannes Tschofenig wrote:
>
>> Hi all,
>>
>> another issue that came up in Sean's IESG review was about the encoding of the error / error_description / error_uri in the base and in the bearer specification.
>>
>> As mentioned in my earlier mail about the registry for the error codes there are three error fields defined in the two specification and the error / error_description / error_uri fields are allowed to appear in different parts of an HTTP message.
>> Depending on where they show up different encoding restrictions apply.
>>
>> For the core specification these error fields may appear in the
>> * body of the HTTP message (encoded in JSON)
>> * parameters to the query component of the redirection URI (using the
>>   "application/x-www-form-urlencoded" format)
>>
>> For the bearer specification these error fields appear in the HTTP header. Consequently, http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19 says 'values for the "error" and "error_description" attributes MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.'
>>
>> Now, here is the question. While these errors are essentially copied over from one spec to the other the different encoding restrictions make them different. Do we want different encodings of errors in the two documents?
>>
>> So, I see two options:
>>
>> 1) Leave the encoding as it is. This means the encoding of the error / error_description / error_uri in the two specifications is different.
>>
>> 2) Harmonize the encoding between the two specifications by incorporating the restrictions from the bearer specification into the base specification.
>>
>> Please indicate your preference by the end of next week (18th May 2012).
>>
>> Ciao
>> Hannes
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

-- 
Chief Architect                   AIM:  gffletch
Identity Services Engineering     Work: george.fletcher@teamaol.com
AOL Inc.                          Home: gffletch@aol.com
Mobile: +1-703-462-3494           Blog: http://practicalid.blogspot.com
Office: +1-703-265-2544           Twitter: http://twitter.com/gffletch

v2.23.0 | Report a Bug | By Email