Alternatively if the appendix were as of a point in time but the github references were maintained, the warning that the RFC is a point-in-time while the github references will remain current lets you defer authoring an updated BCP RFC until there are much larger changes in mechanics.
From: John Bradley <[email protected]> Sent: Tuesday, August 27, 2019 6:52 AM To: William Denniss <[email protected]> Cc: RFC Errata System <[email protected]>; Hannes Tschofenig <[email protected]>; Bayard Bell <[email protected]>; Benjamin Kaduk <[email protected]>; oauth <[email protected]>; Roman Danyliw <[email protected]>; [email protected]; [email protected]; Rifaat Shekh-Yusef <[email protected]> Subject: Re: [OAUTH-WG] [Technical Errata Reported] RFC8252 (5848) This is not really an eratta. Asome point we need to update the BCP with a updated RFC. Perhaps the time is now to start a new draft that can capture the changes in iOS, OSX and others. John B. On Mon, Aug 26, 2019, 10:46 PM William Denniss <[email protected]<mailto:[email protected]>> wrote: Process-wise I'm not sure if errata should be used to capture changing implementation details like this. We expected the implementation details that we documented in the appendix to change, and explicitly stated that assumption. "The implementation details herein are considered accurate at the time of publishing but will likely change over time.". If updating those implementation details were in scope, then the proposed text should needs to be revised before being accepted due to some inaccuracies (e.g. SFSafariViewController is not a successor to ASWebAuthenticationSession). Best, William On Mon, Aug 26, 2019 at 12:04 PM RFC Errata System <[email protected]<mailto:[email protected]>> wrote: The following errata report has been submitted for RFC8252, "OAuth 2.0 for Native Apps". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid5848 -------------------------------------- Type: Technical Reported by: Bayard Bell <[email protected]<mailto:[email protected]>> Section: Appendix B.1 Original Text ------------- Apps can initiate an authorization request in the browser, without the user leaving the app, through the "SFSafariViewController" class or its successor "SFAuthenticationSession", which implement the in- app browser tab pattern. Safari can be used to handle requests on old versions of iOS without in-app browser tab functionality. Corrected Text -------------- Apps can initiate an authorization request in the browser, without the user leaving the app, through the "ASWebAuthenticationSession" class or its successors "SFAuthenticationSession" and "SFSafariViewController", which implement the in-app browser tab pattern. The first of these allows calls to a handler registered for the AS URL, consistent with Section 7.2. The latter two classes, now deprecated, can use Safari to handle requests on old versions of iOS without in-app browser tab functionality. Notes ----- SFAuthenticationSession documentation reflects deprecated status: https://developer.apple.com/documentation/safariservices/sfauthenticationsession Here's the documentation for ASWebAuthenticationSession: https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC8252 (draft-ietf-oauth-native-apps-12) -------------------------------------- Title : OAuth 2.0 for Native Apps Publication Date : October 2017 Author(s) : W. Denniss, J. Bradley Category : BEST CURRENT PRACTICE Source : Web Authorization Protocol Area : Security Stream : IETF Verifying Party : IESG _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
