On 2011-12-29 22:18, Mike Jones wrote:
You proposed, Julian "3. Do not specify the ABNF. The ABNF of the WWW-Authenticate
is defined in HTTPbis. Just state the names of the parameters, their syntax *after*
parsing and their semantics."
About some of Mark Nottingham's comments, Barry wrote "Let me point out that "this
represents working-group consensus" is not always a valid response. If the working group has
actually considered the *issue*, that might be OK. But if there's consensus for the chosen
solution and someone brings up a *new* issue with it, that issue needs to be addressed anew."
Relative to these two statements, I believe that I should remark at this point that your
proposed semantics of only considering the syntax after potential quoting was explicitly
considered earlier by the working group and rejected. The consensus, instead, was for
the present "no quoting will occur for legal inputs" semantics.
It would be helpful if you could back this statement with pointers to
mails. As far as I can tell it's just you disagreeing with me.
Back to the facts:
a) the bearer spec defines an HTTP authentication scheme, and
normatively refers to HTTPbis Part7 for that
b) HTTPbis recommends new scheme definitions not to have their own ABNF,
as the header field syntax is defined by HTTPbis, not the individual scheme
c) the bearer spec defines it's own ABNF nevertheless
So the two specs are in conflict, and we should resolve the conflict one
way or the other.
If you disagree with the recommendation in HTTPbis, then you really
really should come over to HTTPbis WG and argue your point of view.
If you agree with it, but think that the bearer spec can't follow the
recommendation, then it would be good to explain the reasoning
(optimally in the spec).
If you agree with it, and think the bearer spec *could* follow it,
then... change it, by all means.
Anyway, if this issue isn't resolved before IETF LC then it will be
raised again at that time.
I believe that in the New Year the chairs and area directors will need to
decide how to proceed on this issue. (The working group consensus, as I see
it, is already both well-informed and clear on this point, but I understand
that that's not the only consideration.) It would be good to see the spec
finished shortly.
...
Best regards, Julian
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
