That would make sense once issue 27 is incorporated into the core spec.
-- Mike
From: William Mills [mailto:[email protected]]
Sent: Thursday, October 20, 2011 8:36 AM
To: Julian Reschke; Mike Jones
Cc: [email protected]
Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10
Shouldn't the scope definition here refer to the scope definition in the core
spec?
________________________________
From: Julian Reschke <[email protected]<mailto:[email protected]>>
To: Mike Jones <[email protected]<mailto:[email protected]>>
Cc: "[email protected]<mailto:[email protected]>"
<[email protected]<mailto:[email protected]>>
Sent: Thursday, October 20, 2011 12:37 AM
Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -10
On 2011-10-20 09:14, Mike Jones wrote:
> Can you recommend specific wording changes to address both issues?
2.2: "The entity-body is encoded using the "application/x-www-form-urlencoded"
media type (Section 17.13.4 of [W3C.REC-html401-19991224]), applied to the
UTF-8 [RFC3629] encoded forms of the parameter values."
Note 1: HTML4 ignores the encoding issue; this is a case where a reference to
HTML5 would actually help in practice.
Note 2: I prefer refs in the form of [REC-html] or [HTML] rather than
[W3C.REC-html401-19991224]...
2.4: As stated earlier, just define all those parameters to be "token /
quoted-string", and then constrain the values further separately, such as:
"The value of the scope parameter, after potential quoted-string unquoting,
contains a set of single-SP delimited scope values." Each scope value is
restricted to
scope-val-char = %x21 / %x23-5B / %x5D-7E
; HTTPbis P1 qdtext except whitespace, restricted to US-ASCII
"
etc.
Best regards, Julian
_______________________________________________
OAuth mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
