On Mon, Aug 22, 2011 at 1:53 PM, Barry Leiba <barryle...@computer.org> wrote: > I intend to add the following to the response to this item: > "The working group understands that client code needs to know whether > to use and decode percent-encoding. The issue is being discussed and > tracked, and will be resolved before the final version of the bearer > document is produced."
For confirmation: Murray Kucherawy, our liaison to OMA, delivered our response yesterday (Tuesday, 23 August), and OMA has acknowledged it. They thank us for our prompt response. Barry, as chair > ----------------------------------------------------------------- > > The IETF OAuth working group thanks OMA ARC SEC for the liaison > statement titled "OAuth discovery and specification availability", > dated 18 July 2011. > > The OMA liaison statement asks the OAuth working group to address five > issues, and our answers are as follows: > > • Availability of the IETF OAuth specifications: especially > [draft-ietf-oauth-v2] and [draft-ietf-oauth-v2-bearer], and also > [draft-hammer-oauth-v2-mac-token], > [draft-lodderstedt-oauth-revocation] and [draft-recordon-oauth-v2-ux]. > > Answer: > The IETF cannot guarantee publication dates, but we can give some > best-guess timeframes. At this writing, draft-ietf-oauth-v2 and > draft-ietf-oauth-v2-bearer have completed Working Group last call and > are undergoing their final revisions before being sent to the IESG. > We expect the final versions of those documents to be in the RFC > Editor queue around the end of September, though it could be later if > issues come up in IETF-wide last call or during IESG evaluation. The > draft-hammer-oauth-v2-mac-token document has been replaced by > draft-ietf-oauth-v2-http-mac, which is a working group document. It > is likely to be in the RFC Editor queue by the end of the year. > > The remaining two documents are not working group documents, and the > working group can say nothing about their status. The OAuth working > group intends to revise its charter in the November timeframe, and > it's possible that one or both of those documents could be adopted by > the working group at that time, and we could have further information > about target publication dates then. > > • Availability of the OAuth Parameters Registry > > Answer: > The draft-ietf-oauth-v2 document establishes the OAuth Parameters > Registry (in section 11.2, as of draft version 20). The registry will > be available when the RFC is published, which will be some time after > the document goes into the RFC Editor queue, depending upon the RFC > Editor's load at the time. > > • IETF intent to specify an OAuth Discovery mechanism > > Answer: > There is interest among OAuth working group participants for > specifying such a mechanism, but the work is not in the current > charter. It will likely be considered during the aforementioned > charter update in (approximately) November. > > • Considerations that can help implementors decide about the type of > OAuth access token to deploy. > > Answer: > There is no current work planned, but documents with such > implementation advice might also be considered during the rechartering > discussion. > > • For bearer tokens: clarification whether the non-support of percent > encoding for scope-v element of WWW-Authenticate Response Header Field > grammar is intentional. > > Answer: > In the bearer token document (Section 2.4 of > draft-ietf-oauth-v2-bearer-08, "The WWW-Authenticate Response Header > Field"), the "scope-v" element is unambiguously defined to allow a > specific set of characters. That set of characters does permit, but > does not mandate, support for percent-encoding of characters. > > ----------------------------------------------------------------- _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
