On 2012-07-23 00:33, Stephen Farrell wrote:
Hi all,
I'd like to check that some recent minor changes to this
document [1] don't cause technical or process-grief.
The version [2] of the oauth bearer draft that underwent
IETF LC and IESG evaluation had a normative dependency
on the httpbis wg's authentication framework. [3]
After resolving IESG discuss positions the authors and
wg chairs felt that it would be better to replace the
normative reference to the httpbis wg draft [3] with one
to RFC 2617 [4] so that the OAuth drafts wouldn't be held
in the RFC editor queue waiting on the httpbis wg to get
done.
I believe there is no impact on interop resulting from
this change but there has been some disagreement about
making it and how it was made. After some offlist discussion
I think we now have an RFC editor note [5] that means that
the current scheme of referring to RFC 2617 is ok.
...
Quoting:
NEW:
The "Authorization" header for this scheme follows the usage
of the Basic scheme [RFC2617]. Note that, as with Basic, this
is compatible with the the general authentication framework
being developed for HTTP 1.1 [I-D.ietf-httpbis-p7-auth], though
does not follow the preferred practice outlined therein in
order to reflect existing deployments. The syntax for Bearer
credentials is as follows:
That helps, but it still hides the fact that the syntax is not
compatible with the RFC 2617 framework.
Also, s/header/header field/
Proposal:
"The syntax of the "Authorization" header field for this scheme follows
the usage of the Basic scheme defined in Section 2 of [RFC2617]. Note
that, as with Basic, it does not conform to the generic syntax defined
in Section 1.2 of [RFC2617], but that it is compatible with the the
general authentication framework being developed for HTTP 1.1
[I-D.ietf-httpbis-p7-auth], although it does not follow the preferred
practice outlined therein in order to reflect existing deployments.
The syntax for Bearer credentials is as follows: ..."
Best regards, Julian
