On Fri, Apr 2, 2010 at 12:00 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > Because of how we send parameters. Most of the problems we had with > 1.0 involved encoding issues. We just need to find a good way of > explaining it. > > These are the characters allowed in Uris and form encoded bodies.
Of course, but when you create the message you have to URL encode all the name/value pairs, a library would do that for you. But the value itself does not have to be restricted. Are we trying to allow for naive encodings where you just string together the names and values with some delimiters? I don't think that will help at all, you are just pushing the need to encode from the library out to the client code. And since the encoding now is not specified you have a real interop issue IMO. Marius > > EHL > > On Apr 2, 2010, at 12:35, "Marius Scurtescu" <mscurte...@google.com> > wrote: > >> On Thu, Apr 1, 2010 at 10:10 PM, Eran Hammer-Lahav <e...@hueniverse.com >> > wrote: >>> The current draft allows the following characters: >>> >>> value-char = ALPHA / DIGIT / "-" / "." / "_" / "~" / "%" >>> >>> Which means a utf-8 string will need to be encoded somehow. Should >>> it be >>> percent-encoded? Something else? >> >> Why do we have this limitation (sorry if I missed a discussion >> around this)? >> >> Usernames and password, for example, are guaranteed to have problems. >> I think it is much better for the protocol/libraries to take care of >> encoding/decoding. >> >> Marius >> >>> >>> EHL >>> >>> >>> On 4/1/10 10:00 PM, "Marius Scurtescu" <mscurte...@google.com> wrote: >>> >>> On Thu, Apr 1, 2010 at 9:54 PM, Eran Hammer-Lahav <e...@hueniverse.com >>> > >>> wrote: >>>> What is the assertion format? Binary? XML? Should the library >>>> encode it? >>>> Is >>>> the application using the library responsible for providing it >>>> with a >>>> URI-safe string? >>> >>> UTF-8 string I guess, the rest should not matter. >>> >>> Marius >>> >>> > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
