On 4/10/12 8:25 PM, Mike Jones wrote: --- About your issue 2: Investigating the OAuth Errors Registry a bit further (see http://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-11.4.1) while I'd like to be able to register the OAuth Bearer errors in this registry, what I believe to be a defect in the errors registry text currently prevents this. Specifically, the registry enumerates only three "Error usage location" values: authorization code grant error response, implicit grant error response, and token error response. To be able to use this registry, it would also have to have a fourth usage location: "resource access error response". If you'd like to file an issue against the OAuth Core spec to get this additional usage location added to the registry, then I'd be glad to use it. I believe that this would be significantly preferable to adding a separate OAuth Bearer errors registry that's exactly like the general-purpose one, only separate from it. ---
This doesn't sound like an editor reflecting working group consensus... The design committee concluded its work mid-May 2011. Draft -16 reflected the changed proposed by the committee. Barry's notes at the conclusion of the design committee 5/17/11: > #10, error registry: > Marc, Julian, PSA commented on Eran's post to httpbis list. > No objection, no strong opinion, not sure it's needed. Separate > header better than using error codes. > PROPOSAL: Bearer doc specifies how it handles error conditions, and > there is no registry now. A future doc that uses Bearer as a base can > create a registry if needed. Agreement on the call with this. So the actual feedback was that the error parameter wasn't necessarily the best choice for returning error in the first place, that it was not necessarily the right general purpose mechanism, but that no harm was done by allowing bearer to keep it and try it out. The intention was clearly to leave things be and see how people are using it. Then if someone actually wants to extend it (at the time we had no use cases for extending bearer error codes), they can create the registry. Bottom line: this exact issue was intensely debated and reached a conclusion after 3 months of debates. The chair made a clear consensus call. Issue was closed until Mike Jones declare it as a "defect in the errors registry text" without providing much context. When I provided this context to Sean Turner, he closed the same issue raised against the core specification in his discuss. EH > -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Eran Hammer > Sent: Wednesday, May 09, 2012 6:42 PM > To: Peter Saint-Andre > Cc: oauth@ietf.org WG (oauth@ietf.org) > Subject: Re: [OAUTH-WG] Bearer token DISCUSS items related to errors > > I'm just looking at the parts copied to the list and in the tracker. I haven't > actually seen much response coming from Russ. I did reach out to him > directly to see if the discuss can be resolve without further action. > > EH > > > -----Original Message----- > > From: Peter Saint-Andre [mailto:stpe...@stpeter.im] > > Sent: Wednesday, May 09, 2012 6:38 PM > > To: Eran Hammer > > Cc: oauth@ietf.org WG (oauth@ietf.org) > > Subject: Re: [OAUTH-WG] Bearer token DISCUSS items related to errors > > > > On 5/9/12 6:17 PM, Eran Hammer wrote: > > > > > All Russ was asking for is an explanation. Instead, he was told > > > there was no good reason and that it should be changed. That was > > > clearly not an honest representation of clear working group > > > consensus from over 10 months ago which was achieved at great effort. > > > > Was it presented this way in the proto write-up or verbally on an IESG > > telechat or in some other way? Just curious to figure out where things > > went awry here... > > > > Peter > > > > -- > > Peter Saint-Andre > > https://stpeter.im/ > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
