Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10

Mike Jones Thu, 20 Oct 2011 00:14:47 -0700

Can you recommend specific wording changes to address both issues?

                                -- Mike

-----Original Message-----
From: Julian Reschke [mailto:[email protected]] 
Sent: Thursday, October 20, 2011 12:13 AM
To: Mike Jones
Cc: [email protected]
Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10

On 2011-10-20 01:38, Mike Jones wrote:
> Draft 10
> <http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-10.html> of 
> the OAuth 2.0 Bearer Token Specification 
> <http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html> has 
> been published, which incorporates consensus decisions reached since 
> Working Group Last Call feedback. It closes all open issues. It 
> contains the following changes:
> ...

This is better.

I still see problems though.

Section 2.2 specifies to use application/x-www-form-urlencoded encoding, but 
doesn't mention the character encoding to use. This may be a non-issue now for 
scopes, but it would be for extension parameters.

Section 2.4 still uses quoted parameters without using the quoted-string 
constructs. This leaves implementers in the dark about whether they can use 
existing quoted-string parsers or not.

Best regards, Julian

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10

Reply via email to