Re: [OAUTH-WG] Adam Roach's Discuss on draft-ietf-oauth-device-flow-12: (with DISCUSS)

Fri, 19 Oct 2018 17:00:45 -0700 

Thanks. I have entered a ballot of "no objection."

/a

On 10/19/18 4:15 PM, William Denniss wrote:

Adam,
Thank you for your feedback and pointers, version 13 should fully address your feedback.  Comments inline:
On Wed, Aug 1, 2018 at 5:43 PM, Adam Roach <a...@nostrum.com <mailto:a...@nostrum.com>> wrote: 


    ----------------------------------------------------------------------
    DISCUSS:
    ----------------------------------------------------------------------

    Thanks to the authors for addressing my comments and half of my
    DISCUSS.
    This final issue appears to remain unaddressed:

    §3.1:

    >  The client initiates the flow by requesting a set of verification
    >  codes from the authorization server by making an HTTP "POST"
    request
    >  to the device authorization endpoint.  The client constructs the
    >  request with the following parameters, encoded with the
    "application/
    >  x-www-form-urlencoded" content type:

    This document needs a normative citation for this media type.

    My suggestion would be to cite REC-html5-20141028 section
    4.10.22.6, as this
    appears to be the most recent stable description of how to encode
    this media
    type. I'd love to hear rationale behind other citations being more
    appropriate,
    since I'm not entirely happy with the one I suggest above (given
    that it's been
    superseded by HTML 5.2); but every other plausible citation I can
    find is even
    less palatable (with HTML 5.2 itself having the drawback of not
    actually
    defining how to encode the media type, instead pointing to an
    unstable,
    unversioned document).
Thank you for the advice. I've struggled with this one myself. HTML 5.2 like you say links to an unstable and unversioned document (albeit one that is readable and pleasant for implementors). I wish they had a proper stable reference, it seems odd to normatively reference something that isn't stable to me, but what can we do? 

I went with the exact reference you suggested, it's in version 13.

Best,
William




_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to