I just noticed that there is a similar situation in ยง4.1* and 4.2**
where there's a MUST before defining the HTTP parameters but some of
the individual parameters are marked as OPTIONAL.
The MUST should probably be dropped.
* http://tools.ietf.org/html/draft-ietf-oauth-assertions-01#section-4.1
** http://tools.ietf.org/html/draft-ietf-oauth-assertions-01#section-4.2
On Mon, Apr 23, 2012 at 3:26 PM, Brian Campbell
bcampb...@pingidentity.com wrote:
Sections 6.1, 6.2, 6.3 and 6.4 of
http://tools.ietf.org/html/draft-ietf-oauth-assertions-01 are all similar in
that they have a paragraph at the top that ends with, The following format
and processing rules SHOULD be applied: followed by a bullet list of
specific rules. However some of the individual bullets themselves have
normative language including several that have a MUST. On rereading the
draft today, I found this to be a little confusing. I mean, what does it
mean to say that you SHOULD MUST do something? At a minimum, it seems like
kind of bad form. I'm thinking that the lead in text before each list should
just say something like The following format and processing rules are to be
applied: to avoid any potential logical conflict between the normative
terms. But depending on how the previous text was interpreted, that could be
considered a breaking change? That might be okay though as this is just an
abstract specification. Any thoughts?
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth