Discussion:
[OAUTH-WG] [Editorial Errata Reported] RFC6749 (4697)
RFC Errata System
2016-05-19 08:26:38 UTC
The following errata report has been submitted for RFC6749,
"The OAuth 2.0 Authorization Framework".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6749&eid=4697

--------------------------------------
Type: Editorial
Reported by: Ludwig Seitz <***@sics.se>

Section: 7.1

Original Text
-------------
For example, the "bearer" token type defined in [RFC6750] is utilized
by simply including the access token string in the request:


Corrected Text
--------------
For example, the "Bearer" token type defined in [RFC6750] is utilized
by simply including the access token string in the request:


Notes
-----
RFC6750 defines the "Bearer" token type not the "bearer" token type.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC6749 (draft-ietf-oauth-v2-31)
--------------------------------------
Title : The OAuth 2.0 Authorization Framework
Publication Date : October 2012
Author(s) : D. Hardt, Ed.
Category : PROPOSED STANDARD
Source : Web Authorization Protocol
Area : Security
Stream : IETF
Verifying Party : IESG
Manger, James
2016-05-20 01:22:29 UTC
I suggest this errata be REJECTED as token types are case-insensitive.

Each field in RFC6749 that takes a token type explicitly says the value is case insensitive.

4.2.2. Access Token Response

token_type
REQUIRED. The type of the token issued as described in
Section 7.1. Value is case insensitive.

5.1. Successful Response

token_type
REQUIRED. The type of the token issued as described in
Section 7.1. Value is case insensitive.

When used as an HTTP authentication scheme name it is also case insensitive. From RFC7235 "HTTP/1.1 Authentication":

2.1. Challenge and Response

... It uses a case-insensitive token as a means to identify the authentication scheme,

--
James Manger



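The case-insensitive matching discussed in the message above, as an added example that is not part of the original thread: a resource-server check of the `Authorization` scheme and a client check of `token_type`. The function names and the sample token values are assumptions made for illustration.

```python
import re

# b64token syntax from RFC 6750 section 2.1
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

# Assumption for this example: the client only understands the Bearer type.
SUPPORTED_TOKEN_TYPES = {"bearer"}


def extract_bearer_token(authorization_header):
    """Return the access token from an Authorization header value, or None.

    The scheme name is compared case-insensitively (RFC 7235 section 2.1),
    so "Bearer", "bearer" and "BEARER" all name the same scheme.
    """
    if not authorization_header:
        return None
    scheme, sep, rest = authorization_header.strip().partition(" ")
    if not sep or scheme.lower() != "bearer":
        return None
    token = rest.lstrip(" ")  # one or more spaces may separate scheme and token
    if not _B64TOKEN.fullmatch(token):
        return None  # embedded spaces or characters outside b64token
    return token


def authorization_for(token_response):
    """Build the Authorization header value from a token endpoint response.

    token_type is matched case-insensitively (RFC 6749 sections 4.2.2 and
    5.1); a type the client does not understand is refused, not sent as Bearer.
    """
    token_type = str(token_response.get("token_type", ""))
    if token_type.lower() not in SUPPORTED_TOKEN_TYPES:
        raise ValueError(f"unsupported token_type: {token_type!r}")
    return "Bearer " + token_response["access_token"]


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for header in ("Bearer mF_9.B5f-4.1JqM", "bearer mF_9.B5f-4.1JqM",
                   "BEARER  mF_9.B5f-4.1JqM", "Basic dXNlcjpwYXNz",
                   "Bearer abc def"):
        print(repr(header), "->", extract_bearer_token(header))
    print(authorization_for({"token_type": "bearer",
                             "access_token": "mF_9.B5f-4.1JqM"}))
```

A server that compares the scheme with an exact `== "Bearer"` rejects valid requests from clients that echo the lowercase `token_type` they received, which is the interoperability failure the case-insensitivity rule avoids.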
John Bradley
2016-05-20 15:08:13 UTC
Agreed this should be REJECTED.
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
Brian Campbell
2016-05-20 15:17:41 UTC
Also agree