Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec

Wed, 09 May 2012 15:18:29 -0700 

+1




>________________________________
> From: Mike Jones <michael.jo...@microsoft.com>
>To: Hannes Tschofenig <hannes.tschofe...@gmx.net>; "oauth@ietf.org WG" 
><oauth@ietf.org> 
>Sent: Wednesday, May 9, 2012 3:15 PM
>Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
> 
>2) Consistent syntax across both OAuth specs.
>
>                -- Mike
>
>-----Original Message-----
>From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of 
>Hannes Tschofenig
>Sent: Wednesday, May 09, 2012 3:07 PM
>To: oauth@ietf.org WG
>Subject: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
>
>Hi all, 
>
>another issue that came up in Sean's IESG review was about the encoding of the 
>error / error_description / error_uri in the base and in the bearer 
>specification. 
>
>As mentioned in my earlier mail about the registry for the error codes there 
>are three error fields defined in the two specification and the error / 
>error_description / error_uri fields are allowed to appear in different parts 
>of an HTTP message. 
>Depending on where they show up different encoding restrictions apply. 
>
>For the core specification these error fields may appear in the 
>* body of the HTTP message (encoded in JSON)
>* parameters to the query component of the redirection URI (using the
>  "application/x-www-form-urlencoded" format)
>
>For the bearer specification these error fields appear in the HTTP header. 
>Consequently, http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19 says 
>'values for the "error" and "error_description" attributes MUST NOT include 
>characters outside the set %x20-21 / %x23-5B / %x5D-7E.' 
>
>Now, here is the question. While these errors are essentially copied over from 
>one spec to the other the different encoding restrictions make them different. 
>Do we want different encodings of errors in the two documents?
>
>So, I see two options: 
>
>1) Leave the encoding as it is. This means the encoding of the error / 
>error_description / error_uri in the two specifications is different. 
>
>2) Harmonize the encoding between the two specifications by incorporating the 
>restrictions from the bearer specification into the base specification. 
>
>Please indicate your preference by the end of next week (18th May 2012). 
>
>Ciao
>Hannes
>
>_______________________________________________
>OAuth mailing list
>OAuth@ietf.org
>https://www.ietf.org/mailman/listinfo/oauth
>
>
>_______________________________________________
>OAuth mailing list
>OAuth@ietf.org
>https://www.ietf.org/mailman/listinfo/oauth
>
>
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to