IETF Logo Mail Archive

Re: [OAUTH-WG] Error registry proposal (round 3)

Mike Jones <Michael.Jones@microsoft.com> Wed, 06 April 2011 21:23 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0F9C83A6956 for <oauth@core3.amsl.com>; Wed, 6 Apr 2011 14:23:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.568
X-Spam-Level:
X-Spam-Status: No, score=-10.568 tagged_above=-999 required=5 tests=[AWL=0.030, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bTvYF35DliuB for <oauth@core3.amsl.com>; Wed, 6 Apr 2011 14:23:04 -0700 (PDT)
Received: from smtp.microsoft.com (mailb.microsoft.com [131.107.115.215]) by core3.amsl.com (Postfix) with ESMTP id 476DD3A67D3 for <oauth@ietf.org>; Wed, 6 Apr 2011 14:23:04 -0700 (PDT)
Received: from TK5EX14MLTC101.redmond.corp.microsoft.com (157.54.79.178) by TK5-EXGWY-E802.partners.extranet.microsoft.com (10.251.56.168) with Microsoft SMTP Server (TLS) id 8.2.176.0; Wed, 6 Apr 2011 14:24:47 -0700
Received: from TK5EX14MBXC203.redmond.corp.microsoft.com ([169.254.3.38]) by TK5EX14MLTC101.redmond.corp.microsoft.com ([157.54.79.178]) with mapi id 14.01.0270.002; Wed, 6 Apr 2011 14:24:47 -0700
From: Mike Jones <Michael.Jones@microsoft.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>, OAuth WG <oauth@ietf.org>
Thread-Topic: Error registry proposal (round 3)
Thread-Index: Acvz2lgK8+BMtZK8RZ2KEzyemyZs+QAxcVzg
Date: Wed, 06 Apr 2011 21:24:47 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943252CF7A0@TK5EX14MBXC203.redmond.corp.microsoft.com>
References: <90C41DD21FB7C64BB94121FBBC2E7234465664DED6@P3PW5EX1MB01.EX1.SECURESERVER.NET>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E7234465664DED6@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.72]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B1680429673943252CF7A0TK5EX14MBXC203r_"
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Error registry proposal (round 3)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Apr 2011 21:23:13 -0000

Thanks for writing this up, Eran.  I believe that this is a step in the right direction.

Wearing my Bearer Token spec editor hat, I just tried to go through the exercise of editing my document to use the registry in draft 15 to register the errors defined in the bearer token spec and I hit a roadblock.  Specifically, while the errors defined by my spec are returned by resource servers (flow F in Figure 1), the registry defined by draft 15 does not include "resource server error response" in the "error usage location" list.  Can you please add this additional error usage location so that the registry can be used by the bearer token specification?

At that point, I believe we'll be able to close the open issue about the need for an error registry, and I'll update my draft accordingly.

                                                                Thank you,
                                                                -- Mike

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Eran Hammer-Lahav
Sent: Tuesday, April 05, 2011 3:52 PM
To: OAuth WG
Subject: [OAUTH-WG] Error registry proposal (round 3)


The following is my new proposal, based on Mike Jones' and my earlier proposals. It is basically a combination of the two.



This proposal does not allow defining new error codes unless another extension is involved (new grant type, request parameter, token type). The reason for not defining an open ended error registry is that defining new error codes for existing implementations is bad for interoperability and can lead to unexpected results (developers not taking into account receiving a new error when talking to a compliant 2.0 server). We don't have any use cases for defining such new errors for the v2 specification. New errors only come from extensions and must be defined in that context.



I have applied to changes to the -14 draft and clearly marked them with [[Pending Consensus]] so that there is no issue with removing them or changing them later.



---



Add to the error codes list in sections 4.1.2.1 and 4.2.2.1:


         a 4xx or 5xx HTTP status code (except for 400 and 401)
               The authorization server MAY set the "error" parameter
               value to a numerical HTTP status code from the 4xx or 5xx
               range, with the exception of the 400 (Bad Request) and
               401 (Unauthorized) status codes.  For example, if the
               service is temporarily unavailable, the authorization
               server MAY return an error response with "error" set to
               "503".





Add a new section 8.4:



8.4.  Defining Additional Error Codes



   In cases where protocol extensions (i.e. access token types,

   extension parameters, or extension grant types) require additional

   error codes to be used with the authorization code grant error

   response (Section 4.1.2.1), the implicit grant error response

   (Section 4.2.2.1), or the token error response (Section 5.2), such

   error codes MAY be defined.



   Extension error codes MUST be registered (following the procedures in

   Section 10.3) if the extension they are used in conjunction with is

   registered.  Additional error codes used with unregistered extensions

   MAY be registered.



   Error codes MUST conform to the error-code ABNF, and SHOULD be

   prefixed by an identifying name when possible.  For example, an error

   identifying an invalid value set to the extension parameter "example"

   should be named "example_invalid".





     error-code   = ALPHA *error-char

     error-char   = "-" / "." / "_" / DIGIT / ALPHA





Add a new section 10.3:



10.3.  The OAuth Extensions Error Registry



   This specification establishes the OAuth extensions error registry.



   Additional error codes used together with other protocol extensions

   (i.e. extension grant types, access token types, or extension

   parameters) are registered on the advice of one or more Designated

   Experts (appointed by the IESG or their delegate), with a

   Specification Required (using terminology from [RFC5226]).  However,

   to allow for the allocation of values prior to publication, the

   Designated Expert(s) may approve registration once they are satisfied

   that such a specification will be published.



   Registration requests should be sent to the [TBD]@ietf.org mailing

   list for review and comment, with an appropriate subject (e.g.,

   "Request for error code: example"). [[ Note to RFC-EDITOR: The name

   of the mailing list should be determined in consultation with the

   IESG and IANA.  Suggested name: oauth-ext-review. ]]



   Within at most 14 days of the request, the Designated Expert(s) will

   either approve or deny the registration request, communicating this

   decision to the review list and IANA.  Denials should include an

   explanation and, if applicable, suggestions as to how to make the

   request successful.



   Decisions (or lack thereof) made by the Designated Expert can be

   first appealed to Application Area Directors (contactable using

   app-ads@tools.ietf.org<mailto:app-ads@tools.ietf.org> email address or directly by looking up their

   email addresses on http://www.iesg.org/ website) and, if the

   appellant is not satisfied with the response, to the full IESG (using

   the iesg@iesg.org<mailto:iesg@iesg.org> mailing list).



   IANA should only accept registry updates from the Designated

   Expert(s), and should direct all requests for registration to the

   review mailing list.



10.3.1.  Registration Template



   Error name:

      The name requested (e.g., "example").

   Error usage location:

      The location(s) where the error can be used.  The possible

      locations are: authorization code grant error response

      (Section 4.1.2.1), implicit grant error response

      (Section 4.2.2.1), or token error response (Section 5.2).

   Related protocol extension:

      The name of the extension grant type, access token type, or

      extension parameter, the error code is used in conjunction with.

   Change controller:

      For standards-track RFCs, state "IETF".  For others, give the name

      of the responsible party.  Other details (e.g., postal address,

      e-mail address, home page URI) may also be included.

   Specification document(s):

      Reference to document that specifies the error code, preferably

      including a URI that can be used to retrieve a copy of the

      document.  An indication of the relevant sections may also be

      included, but is not required.

v2.23.0 | Report a Bug | By Email