I just noticed that there is a similar situation in ยง4.1* and 4.2** where there's a MUST before defining the HTTP parameters but some of the individual parameters are marked as OPTIONAL.
The MUST should probably be dropped. * http://tools.ietf.org/html/draft-ietf-oauth-assertions-01#section-4.1 ** http://tools.ietf.org/html/draft-ietf-oauth-assertions-01#section-4.2 On Mon, Apr 23, 2012 at 3:26 PM, Brian Campbell <bcampb...@pingidentity.com> wrote: > Sections 6.1, 6.2, 6.3 and 6.4 of > http://tools.ietf.org/html/draft-ietf-oauth-assertions-01 are all similar in > that they have a paragraph at the top that ends with, "The following format > and processing rules SHOULD be applied:" followed by a bullet list of > specific rules. However some of the individual bullets themselves have > normative language including several that have a MUST. On rereading the > draft today, I found this to be a little confusing. I mean, what does it > mean to say that you SHOULD MUST do something? At a minimum, it seems like > kind of bad form. I'm thinking that the lead in text before each list should > just say something like "The following format and processing rules are to be > applied:" to avoid any potential logical conflict between the normative > terms. But depending on how the previous text was interpreted, that could be > considered a breaking change? That might be okay though as this is just an > abstract specification. Any thoughts? _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth