Your proposed wording for 2.4 misses the point: \ MUST NOT occur at all in the
input string. No quoting may occur.
Care to suggest other wording that recognizes this point but still addresses
the issue you raise?
-- Mike
-----Original Message-----
From: Julian Reschke [mailto:[email protected]]
Sent: Thursday, October 20, 2011 12:37 AM
To: Mike Jones
Cc: [email protected]
Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10
On 2011-10-20 09:14, Mike Jones wrote:
> Can you recommend specific wording changes to address both issues?
2.2: "The entity-body is encoded using the "application/x-www-form-urlencoded"
media type (Section 17.13.4 of [W3C.REC-html401-19991224]), applied to the
UTF-8 [RFC3629] encoded forms of the parameter values."
Note 1: HTML4 ignores the encoding issue; this is a case where a reference to
HTML5 would actually help in practice.
Note 2: I prefer refs in the form of [REC-html] or [HTML] rather than
[W3C.REC-html401-19991224]...
2.4: As stated earlier, just define all those parameters to be "token /
quoted-string", and then constrain the values further separately, such as:
"The value of the scope parameter, after potential quoted-string
unquoting, contains a set of single-SP delimited scope values." Each
scope value is restricted to
scope-val-char = %x21 / %x23-5B / %x5D-7E
; HTTPbis P1 qdtext except whitespace, restricted to US-ASCII
"
etc.
Best regards, Julian
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
