RFC Errata
Found 7 records.
Status: Reported (7)
RFC 9200, "Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)", August 2022
Source of RFC: ace (sec)
Errata ID: 8232
Status: Reported
Type: Technical
Publication Format(s) : HTML
Reported By: Marco Tiloca
Date Reported: 2025-01-03
Section 5.8.2 says:
/ ace_profile / 38 : "coap_dtls",
It should say:
/ ace_profile / 38 : 1 / coap_dtls /,
Notes:
The example in Figure 7 shows a response with Content-Format "application/ace+cbor". Therefore, the value of the parameter 'ace_profile' must be encoded as a CBOR integer, consistent with Section 5.8.4.3 that says:
> A profile MUST specify an identifier that MUST be used to uniquely identify itself in the ace_profile parameter. The textual representation of the profile identifier is intended for human readability and for JSON-based interactions; it MUST NOT be used for CBOR-based interactions.
Errata ID: 8233
Status: Reported
Type: Technical
Publication Format(s) : HTML
Reported By: Marco Tiloca
Date Reported: 2025-01-03
Section F.1 says:
The AS responds with a 2.05 (Content) response containing the Access Information, including the access token. The PoP access ... | | B: |<--------+ Header: 2.05 Content | 2.05 | Content-Format: application/ace+cbor | | Payload: <Response-Payload> | | ...
It should say:
The AS responds with a 2.01 (Created) response containing the Access Information, including the access token. The PoP access ... | | B: |<--------+ Header: 2.01 Created | 2.01 | Content-Format: application/ace+cbor | | Payload: <Response-Payload> | | ...
Notes:
The quoted text and the example in Figure 11 consider a response with CoAP response code 2.05 (Content). However, as defined in Section 5.8.2, a successful response from the /token endpoint has CoAP response code 2.01 (Created).
Moreover, 2.05 (Content) is not a valid CoAP response code for a response to a POST request, see Section 10.1.4 of RFC 7252.
Errata ID: 8234
Status: Reported
Type: Technical
Publication Format(s) : HTML
Reported By: Marco Tiloca
Date Reported: 2025-01-03
Section F.1 says:
| | |<--------+ Header: 2.04 Changed | 2.04 | | |
It should say:
| | |<--------+ Header: 2.01 Created | 2.01 | | |
Notes:
The example in Figure 14 shows a response with CoAP response code 2.04 (Changed). However, as defined in Section 5.9.2, a successful response from the /authz-info endpoint has CoAP response code 2.01 (Created).
Errata ID: 8235
Status: Reported
Type: Technical
Publication Format(s) : HTML
Reported By: Marco Tiloca
Date Reported: 2025-01-03
Section F.2 says:
The AS responds with a CoAP 2.05 Content response, containing as payload the Access Information, including the access token and the ... | | B: |<--------+ Header: 2.05 Content | | Content-Format: application/ace+cbor | 2.05 | Payload: <Response-Payload> | | ...
It should say:
The AS responds with a CoAP 2.01 Created response, containing as payload the Access Information, including the access token and the ... | | B: |<--------+ Header: 2.01 Created | | Content-Format: application/ace+cbor | 2.01 | Payload: <Response-Payload> | | ...
Notes:
The quoted text and the example in Figure 16 consider a response with CoAP response code 2.05 (Content). However, as defined in Section 5.8.2, a successful response from the /token endpoint has CoAP response code 2.01 (Created).
Moreover, 2.05 (Content) is not a valid CoAP response code for a response to a POST request, see Section 10.1.4 of RFC 7252.
Errata ID: 8236
Status: Reported
Type: Technical
Publication Format(s) : HTML
Reported By: Marco Tiloca
Date Reported: 2025-01-03
Section F.2 says:
The AS provides the introspection response (2.05 Content) containing parameters about the token. ... | | | | E: |<---------+ Header: 2.05 Content | | 2.05 | Content-Format: application/ace+cbor | | | Payload: <Response-Payload> | | | ...
It should say:
The AS provides the introspection response (2.01 Created) containing parameters about the token. ... | | | | E: |<---------+ Header: 2.01 Created | | 2.01 | Content-Format: application/ace+cbor | | | Payload: <Response-Payload> | | | ...
Notes:
The quoted text and the example in Figure 18 consider a response with CoAP response code 2.05 (Content). However, as defined in Section 5.9.2, a successful response from the /introspect endpoint has CoAP response code 2.01 (Created).
Moreover, 2.05 (Content) is not a valid CoAP response code for a response to a POST request, see Section 10.1.4 of RFC 7252.
Errata ID: 8237
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Marco Tiloca
Date Reported: 2025-01-03
Section 5.8.5 says:
+-------------------+----------+-------------+---------------+ | ace_profile | 38 | integer | RFC 9200 | +-------------------+----------+-------------+---------------+
It should say:
+-------------------+----------+-------------+---------------+ | ace_profile | 38 | Null or | RFC 9200 | | | | integer | | +-------------------+----------+-------------+---------------+
Notes:
As defined in Section 5.8.1, the parameter "ace_profile" can be included with CBOR Simple Value `null` (0xf6) in Access Token Requests. Therefore, the entry for the parameter "ace_profile" in Table 5 should not say "integer" as Value Type, but instead "Null or integer".
The entry for "ace_profile" in the IANA registry at [1] should be updated accordingly.
[1] https://www.iana.org/assignments/ace/ace.xhtml#oauth-parameters-cbor-mappings
Errata ID: 8238
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Marco Tiloca
Date Reported: 2025-01-03
Section 8.9 says:
Parameter Usage Location: token response
It should say:
Parameter Usage Location: token request, token response
Notes:
As defined in Section 5.8.1, the parameter "ace_profile" can be included with CBOR Simple Value `null` (0xf6) in Access Token Requests. Therefore, "ace_profile" as an OAuth parameter is intended for both token requests and token responses.
The entry for "ace_profile" in the IANA registry at [2] should be updated accordingly.
[1] https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#parameters