Mike Jones wrote: > > Per the discussion at > http://www.ietf.org/mail-archive/web/oauth/current/msg08040.html, > the working group's rationale for supporting quoted-string but > not token syntax for these parameters, and for requiring that > backslash ('\') quoting not be used when producing them [...] I'm slightly confused... Instead of inappropriately re-specifying the WWW-Authenticate:, how about referencing the original specification an rules, and then add your desired requirements for *creation* of the contents on top of that, so that oauth-bearer can permit recipients to reject stuff that doesn't fit the additional "send-requirements" when processing the request. I would assume that pretty much all authentication schemes will effectively require subsetting of what can be conveyed to what they can parse, and further subset this to what they can successfully verify, and reject everything else -- without having to rewrite the WWW-Authenticate syntax. -Martin _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf