Draft -12 is finally out. This is almost a complete rewrite of the entire document, with the primary goal of moving it back to a similar structure used in -05. I have been thinking about this for a few months and finally came up with a structure that combines the two approaches.

The draft includes some major cleanups, significantly simpler language, reduces repeated prose, and tried to keep prose to the introduction and normative language in the rest of the specification. I took out sections that broke the flow, and did my best to give this a linear narrative that is easy to follow.

The draft includes the following normative changes:

o Clarified 'token_type' as case insensitive.
o Authorization endpoint requires TLS when an access token is issued.
o Removed client assertion credentials, mandatory HTTP Basic authentication support for client credentials, WWW-Authenticate header, and the OAuth2 authentication scheme.
o Changed implicit grant (aka user-agent flow) error response from query to fragment.
o Removed the 'redirect_uri_mismatch' error code since in such a case, the authorization server must not send the error back to the client.
o Defined access token type registry.

I would like to spend the coming week receiving and applying feedback before requesting a WGLC for everything but the security considerations section (missing) 2/1.

EHL

> -----Original Message-----
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of internet-dra...@ietf.org
> Sent: Thursday, January 20, 2011 4:45 PM
> To: i-d-annou...@ietf.org
> Cc: oauth@ietf.org
> Subject: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Open Authentication Protocol Working Group
> of the IETF.
>
>
> Title     : The OAuth 2.0 Authorization Protocol
> Author(s) : E. Hammer-Lahav, et al.
> Filename  : draft-ietf-oauth-v2-12.txt
> Pages     : 46
> Date      : 2011-01-20
>
> This specification describes the OAuth 2.0 authorization protocol.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-12.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.