In preparation for the OAuth working group meeting on Monday, I've published
draft 05 <http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-05.html> of
the OAuth Bearer Token Specification
<http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html>,
incorporating input received from the OAuth design team.  The changes in this
draft are:

*        Removed OAuth Errors Registry, per design team input.

*        Changed HTTP status code for invalid_request error code from HTTP 400 
(Bad Request) to HTTP 401 (Unauthorized) to match HTTP usage [[ change pending 
working group consensus ]].

*        Added missing quotation marks in error-uri definition.

*        Added note to add language and encoding information to 
error_description if the core specification does.

*        Explicitly reference the Augmented Backus-Naur Form (ABNF) defined in 
[RFC5234].

*        Use auth-param instead of repeating its definition, which is ( token 
"=" ( token / quoted-string ) ).

*        Clarify security considerations about including an audience 
restriction in the token and include a recommendation to issue scoped bearer 
tokens in the summary of recommendations.

The draft is available at these locations:

*        http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-05.pdf

*        http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-05.txt

*        http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-05.xml

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-05.html

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-05.pdf

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-05.txt

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-05.xml

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html (will 
point to new versions as they are posted)

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.pdf (will 
point to new versions as they are posted)

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.txt (will 
point to new versions as they are posted)

*        http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.xml (will 
point to new versions as they are posted)

*        http://svn.openid.net/repos/specifications/oauth/2.0/ (Subversion 
repository, with html, pdf, txt, and html versions available)

                                                            -- Mike

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
