You should actually probably make that name change request to the HTTPbis
working group. I suspect that if they decide to change the name, that we could
direct the RFC editor to make the same name change as HTTPbis does.
-- Mike
-----Original Message-----
From: Alexey Melnikov [mailto:alexey.melni...@isode.com]
Sent: Tuesday, July 17, 2012 10:58 AM
To: Mike Jones
Cc: Julian Reschke; The IESG; General Area Review Team; oauth@ietf.org;
draft-ietf-oauth-v2-bearer....@tools.ietf.org; Stephen Farrell
Subject: Re: [Gen-art] [OAUTH-WG] Gen-ART Telechat review of
draft-ietf-oauth-v2-bearer-22.txt
On 17/07/2012 18:15, Mike Jones wrote:
> For clarity of discussion, the definition in question is:
> b64token = 1*( ALPHA / DIGIT /
> "-" / "." / "_" / "~" / "+" / "/" ) *"="
>
> Note that b64token is a liberal syntax intended to permit base64 encoded
> content (hence the inclusion of the "+" and "/" characters and the optional
> trailing "=" characters), base64url encoded content (hence the inclusion of
> the "-" and "_" characters) and other URL-safe productions (hence the
> inclusion of the "." and "~" characters).
>
> Its use is definitely not intended to be restricted to base64 encoded
> content, per RFC 4648. If it were so restricted (by not allowing ".", for
> instance), this would exclude the use of JWTs as bearer tokens, for instance,
> which is something we *definitely* want to allow.
>
> As a result, I don't think adding a reference to RFC 4648 is either necessary
> or appropriate.
In this case, can you please rename the production to something which is
clearly not a base64 string.
> Julian may be able to provide more background.
>
> Best wishes,
> -- Mike
>
> -----Original Message-----
> From: Alexey Melnikov [mailto:alexey.melni...@isode.com]
> Sent: Tuesday, July 17, 2012 10:02 AM
> To: Julian Reschke; Mike Jones
> Cc: The IESG; General Area Review Team; oauth@ietf.org;
> draft-ietf-oauth-v2-bearer....@tools.ietf.org; Stephen Farrell
> Subject: Re: [Gen-art] [OAUTH-WG] Gen-ART Telechat review of
> draft-ietf-oauth-v2-bearer-22.txt
>
> On 17/07/2012 17:40, Julian Reschke wrote:
>> On 2012-07-17 18:10, Mike Jones wrote:
>>> FYI, the b64 token definition is identical to the one in
>>> draft-ietf-httpbis-p7-auth-20. If it works there, it should work
>>> for OAuth Bearer.
>>> ...
>> +1; not every constraint needs to be expressed in the ABNF. "b64token"
>> is here so recipients can parse the header field; it's up to the auth
>> scheme to state what the addition constraints are; and that can
>> happen in prose.
> I didn't say that it has to be expressed in ABNF (although I obviously
> wouldn't mind). I would like an ABNF comment pointing to the document which
> defines base64.
>
>
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
