FYI, the b64 token definition is identical to the one in draft-ietf-httpbis-p7-auth-20. If it works there, it should work for OAuth Bearer.
-- Mike ________________________________ From: Stephen Farrell Sent: 7/17/2012 4:12 AM To: draft-ietf-oauth-v2-bearer....@tools.ietf.org Cc: General Area Review Team; oauth@ietf.org; The IESG Subject: Re: [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt Folks. Please don't develop any new revisions for these documents right now. I know you can't officially post 'em anyway, but I don't want us to get tempted to roll new versions handling unrelated comments. (Alexey's comments are not unrelated.) I'd like to handle any tweaks needed as RFC editor notes if possible. S On 07/17/2012 12:04 PM, Alexey Melnikov wrote: > I am still Ok with -22, but I have 1 new comment raised by introduction > of the base64 ABNF non terminal: > > I think it would be worth adding a comment for b64token that points to > the base64 RFC. The current ABNF is too permissive (arbitrary number of > "=" allowed at the end) and there are enough broken base64 parsers > around (parsers that ignore everything after a "=", parsers that support > arbitrary number of "=" at the end, etc.), so we shouldn't encourage > creation of new ones. > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
