Hello,
I noticed some editorial issues in draft-ietf-oauth-v2-05 and I hope they can
be fixed in the next draft :)
1. Section 2, Last paragraph:
"This specification defines the use of OAuth over HTTP [RFC2616] (or HTTP
over TLS 1.0 as defined by [RFC2818]."
A closing bracket is missing after "[RFC2818]".
2. Section 2.1:
The description of "bearer token" was placed on the same line. It should be on
the next line. If this is caused by page-break constraint, perhaps the
description of "end-user" should be on the same line as it is the shortest.
3. The use of the "application/x-www-form-urlencoded" content type in requests
I noticed that all examples of client requests are done with
application/x-www-form-urlencoded content and I assume that authorization
servers ONLY accept requests application/x-www-form-urlencoded content.
However, this seems not written explicitly or clearly in the specification.
With response format can be in JSON or XML in addition to form, confusion may
be caused.
4. The use of [W3C.REC-html40-19980424]:
The HTML 4.0 Specification, http://www.w3.org/TR/1998/REC-html40-19980424,
appears to be obsolete by the HTML 4.01 Specification at
http://www.w3.org/TR/1999/REC-html401-19991224/. I think all references to HTML
4.0 should be updated to use HTML 4.01. The draft may also point out that the
definition of application/x-www-form-urlencoded is located in Section 17.13.4.1
of [W3C.REC-html401-19991224].
An example at
http://tools.ietf.org/html/draft-nottingham-http-link-header-10#section-9.1
Regards,
Franklin Tse
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
