I realize that we disagree. Unless you change your position, it seems that the
working group will need to decide whether registering error codes aids
interoperability. I believe that it does.
(You also appeared to agree as well in draft 11, in which you included the text
"[[ Add mechanism for extending error codes ]".)
-- Mike
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Monday, February 28, 2011 1:27 PM
To: Mike Jones
Cc: oauth@ietf.org
Subject: RE: [OAUTH-WG] OAuth bearer token draft ready for working group last
call
My last note on this was:
---
OAuth 2.0 defines two endpoint, each with a set of error codes. These codes are
not extensible and therefore do not require a registry. If you want to allow
error code extensibility, you need to make the case for that with requirements
and use cases. I have not seen any.
My API uses the 'position' parameter for protected resources. Am I expected to
register it? It has nothing to do with OAuth, but if I supported Bearer token
would be used alongside the 'oauth_token' parameter. The 'oauth_token'
parameter is an nasty hack to make it easy for developers to access protected
resources without using the Authorization header (based on browser limitations
from 4 years ago). Defining a registry for this parameter is just adding insult
to injury.
The bearer token draft can define whatever registries it want for those using
*bearer* tokens. It has no say on anything else. Period. If you want to make
changed to other drafts, you need to make a case and build consensus. By
definition, your drafts cannot change any requirement in other drafts unless
you update them (this is an IETF process rule).
Can you provide use cases, requirements, and examples for each of your new
proposals?
---
Did I miss a reply?
EHL
From: Mike Jones [mailto:michael.jo...@microsoft.com]
Sent: Monday, February 28, 2011 1:25 PM
To: Eran Hammer-Lahav; Hannes Tschofenig; Blaine Cook
Cc: oauth@ietf.org
Subject: RE: [OAUTH-WG] OAuth bearer token draft ready for working group last
call
I did not ignore your feedback. I replied to it, pointing out why I believe
your position is incorrect.
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Monday, February 28, 2011 1:14 PM
To: Mike Jones; Hannes Tschofenig; Blaine Cook
Cc: oauth@ietf.org
Subject: RE: [OAUTH-WG] OAuth bearer token draft ready for working group last
call
I am opposed to all the new registration changes and requirements which have
any impact on draft-ietf-oauth-v2. This request seems a bit odd given my
feedback (which you have, again, ignored).
EHL
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Mike
Jones
Sent: Monday, February 28, 2011 12:51 PM
To: Hannes Tschofenig; Blaine Cook
Cc: oauth@ietf.org
Subject: [OAUTH-WG] OAuth bearer token draft ready for working group last call
As editor, having received no comments on the normative content of
draft-ietf-oauth-v2-bearer-03, and having made no breaking changes since draft
-01, other than one change voted upon by the working group, I believe that
draft-ietf-oauth-v2-bearer-03 is ready for working group last call.
I'll note that this draft requires editorial updates to the IANA Considerations
section framework specification to register its errors. This should happen in
draft -14 at the same time that the security considerations are added. At that
point, hopefully we can go to working group last call on the framework
specification as well.
-- Mike
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
