Re: [OAUTH-WG] oauth-bearer and rfc 2617/httpbis authentication framework

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hiya,

On 07/23/2012 08:56 AM, Julian Reschke wrote:
> On 2012-07-23 00:33, Stephen Farrell wrote:
>>
>> Hi all,
>>
>> I'd like to check that some recent minor changes to this
>> document [1] don't cause technical or process-grief.
>>
>> The version [2] of the oauth bearer draft that underwent
>> IETF LC and IESG evaluation had a normative dependency
>> on the httpbis wg's authentication framework. [3]
>>
>> After resolving IESG discuss positions the authors and
>> wg chairs felt that it would be better to replace the
>> normative reference to the httpbis wg draft [3] with one
>> to RFC 2617 [4] so that the OAuth drafts wouldn't be held
>> in the RFC editor queue waiting on the httpbis wg to get
>> done.
>>
>> I believe there is no impact on interop resulting from
>> this change but there has been some disagreement about
>> making it and how it was made. After some offlist discussion
>> I think we now have an RFC editor note [5] that means that
>> the current scheme of referring to RFC 2617 is ok.
>> ...
> 
> Quoting:
> 
>> NEW:
>>
>>    The "Authorization" header for this scheme follows the usage
>>    of the Basic scheme [RFC2617]. Note that, as with Basic, this
>>    is compatible with the the general authentication framework
>>    being developed for HTTP 1.1 [I-D.ietf-httpbis-p7-auth], though
>>    does not follow the preferred practice outlined therein in
>>    order to reflect existing deployments. The syntax for Bearer
>>    credentials is as follows:
> 
> That helps, but it still hides the fact that the syntax is not
> compatible with the RFC 2617 framework.

"hides" isn't a goal:-)

> Also, s/header/header field/
> 
> Proposal:
> 
> "The syntax of the "Authorization" header field for this scheme follows
> the usage of the Basic scheme defined in Section 2 of [RFC2617]. Note
> that, as with Basic, it does not conform to the generic syntax defined
> in Section 1.2 of [RFC2617], but that it is compatible with the the
> general authentication framework being developed for HTTP 1.1
> [I-D.ietf-httpbis-p7-auth], although it does not follow the preferred
> practice outlined therein in order to reflect existing deployments.
> 
> The syntax for Bearer credentials is as follows: ..."

That looks better. I've updated the RFC editor note to
use your text.

Thanks,
S.

> 
> Best regards, Julian
> 
> 
> 
>
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]