Hiya, On 07/23/2012 08:56 AM, Julian Reschke wrote: > On 2012-07-23 00:33, Stephen Farrell wrote: >> >> Hi all, >> >> I'd like to check that some recent minor changes to this >> document [1] don't cause technical or process-grief. >> >> The version [2] of the oauth bearer draft that underwent >> IETF LC and IESG evaluation had a normative dependency >> on the httpbis wg's authentication framework. [3] >> >> After resolving IESG discuss positions the authors and >> wg chairs felt that it would be better to replace the >> normative reference to the httpbis wg draft [3] with one >> to RFC 2617 [4] so that the OAuth drafts wouldn't be held >> in the RFC editor queue waiting on the httpbis wg to get >> done. >> >> I believe there is no impact on interop resulting from >> this change but there has been some disagreement about >> making it and how it was made. After some offlist discussion >> I think we now have an RFC editor note [5] that means that >> the current scheme of referring to RFC 2617 is ok. >> ... > > Quoting: > >> NEW: >> >> The "Authorization" header for this scheme follows the usage >> of the Basic scheme [RFC2617]. Note that, as with Basic, this >> is compatible with the the general authentication framework >> being developed for HTTP 1.1 [I-D.ietf-httpbis-p7-auth], though >> does not follow the preferred practice outlined therein in >> order to reflect existing deployments. The syntax for Bearer >> credentials is as follows: > > That helps, but it still hides the fact that the syntax is not > compatible with the RFC 2617 framework.
"hides" isn't a goal:-) > Also, s/header/header field/ > > Proposal: > > "The syntax of the "Authorization" header field for this scheme follows > the usage of the Basic scheme defined in Section 2 of [RFC2617]. Note > that, as with Basic, it does not conform to the generic syntax defined > in Section 1.2 of [RFC2617], but that it is compatible with the the > general authentication framework being developed for HTTP 1.1 > [I-D.ietf-httpbis-p7-auth], although it does not follow the preferred > practice outlined therein in order to reflect existing deployments. > > The syntax for Bearer credentials is as follows: ..." That looks better. I've updated the RFC editor note to use your text. Thanks, S. > > Best regards, Julian > > > >
