Forgot to mention that I don't have any outstanding comments in my queue so if your feedback was not incorporated into -12, and you feel strongly about it, bring it up again.
EHL > -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Eran Hammer-Lahav > Sent: Thursday, January 20, 2011 4:57 PM > To: oauth@ietf.org > Subject: Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt > > Draft -12 is finally out. > > This is almost a complete rewrite of the entire document, with the primary > goal of moving it back to a similar structure used in -05. I have been > thinking > about this for a few months and finally came up with a structure that > combines the two approaches. > > The draft includes some major cleanups, significantly simpler language, > reduces repeated prose, and tried to keep prose to the introduction and > normative language in the rest of the specification. I took out sections that > broke the flow, and did my best to give this a linear narrative that is easy > to > follow. > > The draft includes the following normative changes: > > o Clarified 'token_type' as case insensitive. > o Authorization endpoint requires TLS when an access token is issued. > o Removed client assertion credentials, mandatory HTTP Basic > authentication support for client credentials, WWW-Authenticate header, > and the OAuth2 authentication scheme. > o Changed implicit grant (aka user-agent flow) error response from query > to fragment. > o Removed the 'redirect_uri_mismatch' error code since in such a case, the > authorization server must not send the error back to the client. > o Defined access token type registry. > > I would like to spend the coming week receiving and applying feedback > before requesting a WGLC for everything but the security considerations > section (missing) 2/1. > > EHL > > > > > -----Original Message----- > > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > > Of internet-dra...@ietf.org > > Sent: Thursday, January 20, 2011 4:45 PM > > To: i-d-annou...@ietf.org > > Cc: oauth@ietf.org > > Subject: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt > > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > > This draft is a work item of the Open Authentication Protocol Working > > Group of the IETF. > > > > > > Title : The OAuth 2.0 Authorization Protocol > > Author(s) : E. Hammer-Lahav, et al. > > Filename : draft-ietf-oauth-v2-12.txt > > Pages : 46 > > Date : 2011-01-20 > > > > This specification describes the OAuth 2.0 authorization protocol. > > > > A URL for this Internet-Draft is: > > http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-12.txt > > > > Internet-Drafts are also available by anonymous FTP at: > > ftp://ftp.ietf.org/internet-drafts/ > > > > Below is the data which will enable a MIME compliant mail reader > > implementation to automatically retrieve the ASCII version of the > > Internet- Draft. > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
