RFC Errata



Found 7 records.

Status: Reported (7)

RFC 9200, "Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)", August 2022

Source of RFC: ace (sec)

Errata ID: 8232
Status: Reported
Type: Technical
Publication Format(s) : HTML

Reported By: Marco Tiloca
Date Reported: 2025-01-03

Section 5.8.2 says:

/ ace_profile / 38 : "coap_dtls",

It should say:

/ ace_profile / 38 : 1 / coap_dtls /,

Notes:

The example in Figure 7 shows a response with Content-Format "application/ace+cbor". Therefore, the value of the parameter 'ace_profile' must be encoded as a CBOR integer, consistent with Section 5.8.4.3 that says:

> A profile MUST specify an identifier that MUST be used to uniquely identify itself in the ace_profile parameter. The textual representation of the profile identifier is intended for human readability and for JSON-based interactions; it MUST NOT be used for CBOR-based interactions.

Errata ID: 8233
Status: Reported
Type: Technical
Publication Format(s) : HTML

Reported By: Marco Tiloca
Date Reported: 2025-01-03

Section F.1 says:

The AS responds with a 2.05 (Content) response containing the
Access Information, including the access token. The PoP access

...


    |         |
B:  |<--------+ Header: 2.05 Content
    |  2.05   | Content-Format: application/ace+cbor
    |         | Payload: <Response-Payload>
    |         |

...

It should say:

The AS responds with a 2.01 (Created) response containing the
Access Information, including the access token. The PoP access

...

    |         |
B:  |<--------+ Header: 2.01 Created
    |  2.01   | Content-Format: application/ace+cbor
    |         | Payload: <Response-Payload>
    |         |

...

Notes:

The quoted text and the example in Figure 11 consider a response with CoAP response code 2.05 (Content). However, as defined in Section 5.8.2, a successful response from the /token endpoint has CoAP response code 2.01 (Created).

Moreover, 2.05 (Content) is not a valid CoAP response code for a response to a POST request, see Section 10.1.4 of RFC 7252.

Errata ID: 8234
Status: Reported
Type: Technical
Publication Format(s) : HTML

Reported By: Marco Tiloca
Date Reported: 2025-01-03

Section F.1 says:

    |         |
    |<--------+ Header: 2.04 Changed
    |  2.04   |
    |         |

It should say:

    |         |
    |<--------+ Header: 2.01 Created
    |  2.01   |
    |         |

Notes:

The example in Figure 14 shows a response with CoAP response code 2.04 (Changed). However, as defined in Section 5.9.2, a successful response from the /authz-info endpoint has CoAP response code 2.01 (Created).

Errata ID: 8235
Status: Reported
Type: Technical
Publication Format(s) : HTML

Reported By: Marco Tiloca
Date Reported: 2025-01-03

Section F.2 says:

The AS responds with a CoAP 2.05 Content response, containing as
payload the Access Information, including the access token and the

...

    |         |
B:  |<--------+ Header: 2.05 Content
    |         | Content-Format: application/ace+cbor
    |  2.05   | Payload: <Response-Payload>
    |         |

...

It should say:

The AS responds with a CoAP 2.01 Created response, containing as
payload the Access Information, including the access token and the

...

    |         |
B:  |<--------+ Header: 2.01 Created
    |         | Content-Format: application/ace+cbor
    |  2.01   | Payload: <Response-Payload>
    |         |

...

Notes:

The quoted text and the example in Figure 16 consider a response with CoAP response code 2.05 (Content). However, as defined in Section 5.8.2, a successful response from the /token endpoint has CoAP response code 2.01 (Created).

Moreover, 2.05 (Content) is not a valid CoAP response code for a response to a POST request, see Section 10.1.4 of RFC 7252.

Errata ID: 8236
Status: Reported
Type: Technical
Publication Format(s) : HTML

Reported By: Marco Tiloca
Date Reported: 2025-01-03

Section F.2 says:

The AS provides the introspection response (2.05 Content) containing
parameters about the token.

...

    |         |          |
    |      E: |<---------+ Header: 2.05 Content
    |         |  2.05    | Content-Format: application/ace+cbor
    |         |          | Payload: <Response-Payload>
    |         |          |

...

It should say:

The AS provides the introspection response (2.01 Created) containing
parameters about the token.

...

    |         |          |
    |      E: |<---------+ Header: 2.01 Created
    |         |  2.01    | Content-Format: application/ace+cbor
    |         |          | Payload: <Response-Payload>
    |         |          |

...

Notes:

The quoted text and the example in Figure 18 consider a response with CoAP response code 2.05 (Content). However, as defined in Section 5.9.2, a successful response from the /introspect endpoint has CoAP response code 2.01 (Created).

Moreover, 2.05 (Content) is not a valid CoAP response code for a response to a POST request, see Section 10.1.4 of RFC 7252.

Errata ID: 8237
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Marco Tiloca
Date Reported: 2025-01-03

Section 5.8.5 says:

+-------------------+----------+-------------+---------------+
| ace_profile       | 38       | integer     | RFC 9200      |
+-------------------+----------+-------------+---------------+

It should say:

+-------------------+----------+-------------+---------------+
| ace_profile       | 38       | Null or     | RFC 9200      |
|                   |          | integer     |               |
+-------------------+----------+-------------+---------------+

Notes:

As defined in Section 5.8.1, the parameter "ace_profile" can be included with CBOR Simple Value `null` (0xf6) in Access Token Requests. Therefore, the entry for the parameter "ace_profile" in Table 5 should not say "integer" as Value Type, but instead "Null or integer".

The entry for "ace_profile" in the IANA registry at [1] should be updated accordingly.

[1] https://www.iana.org/assignments/ace/ace.xhtml#oauth-parameters-cbor-mappings

Errata ID: 8238
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Marco Tiloca
Date Reported: 2025-01-03

Section 8.9 says:

Parameter Usage Location: token response

It should say:

Parameter Usage Location: token request, token response

Notes:

As defined in Section 5.8.1, the parameter "ace_profile" can be included with CBOR Simple Value `null` (0xf6) in Access Token Requests. Therefore, "ace_profile" as an OAuth parameter is intended for both token requests and token responses.

The entry for "ace_profile" in the IANA registry at [2] should be updated accordingly.

[2] https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#parameters
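
The encoding rule behind errata 8232, 8237 and 8238, as an added example that is not part of the errata reports or of RFC 9200: a small CBOR reader that checks how `ace_profile` is encoded in an `application/ace+cbor` payload. The function names and payload bytes are constructed for illustration; rejecting an integer in a request and null in a response is an assumption of this example, since the reports only state that requests may carry null and that the response value must be an integer.

```python
ACE_PROFILE = 38  # CBOR map key of ace_profile, as quoted in the errata above

def _head(buf, i):
    """Decode one CBOR item head: (major type, argument, next offset)."""
    if i >= len(buf):
        raise ValueError("truncated CBOR")
    major, info = buf[i] >> 5, buf[i] & 0x1F
    n = 0 if info < 24 else 1 << (info - 24)  # argument bytes that follow
    if info > 27 or i + 1 + n > len(buf):
        raise ValueError("truncated or unsupported CBOR head")
    arg = int.from_bytes(buf[i + 1:i + 1 + n], "big") if n else info
    return major, arg, i + 1 + n

def _item(buf, i=0):
    """Decode the CBOR subset this check needs; returns (value, next offset)."""
    major, arg, i = _head(buf, i)
    if major in (0, 1):                       # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), i
    if major in (2, 3):                       # byte string / text string
        if i + arg > len(buf):
            raise ValueError("truncated CBOR string")
        raw = bytes(buf[i:i + arg])
        return (raw if major == 2 else raw.decode("utf-8")), i + arg
    if major == 5:                            # map
        out = {}
        for _ in range(arg):
            key, i = _item(buf, i)
            out[key], i = _item(buf, i)
        return out, i
    if (major, arg) == (7, 22) and buf[i - 1] == 0xF6:  # Simple Value null
        return None, i
    raise ValueError("CBOR type outside the subset handled here")

def check_ace_profile(payload, direction):
    """Verdict for ace_profile in a /token 'request' or 'response' payload."""
    params, end = _item(payload)
    if not isinstance(params, dict) or end != len(payload):
        raise ValueError("payload is not exactly one CBOR map")
    if ACE_PROFILE not in params:
        return "absent"
    allowed = type(None) if direction == "request" else int  # assumption, see lead-in
    value = params[ACE_PROFILE]
    return "ok" if isinstance(value, allowed) else f"reject: {type(value).__name__}"

# Constructed payloads: Figure 7 as published, as corrected, and a request with null.
PUBLISHED = bytes.fromhex("a1182669") + b"coap_dtls"
CORRECTED = bytes.fromhex("a1182601")
REQUEST = bytes.fromhex("a11826f6")
```

A client that compares the received value against the text string "coap_dtls" would fail to match the integer 1 sent by a conforming AS, which is why the published Figure 7 matters for interoperability testing.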
