Re: [apps-discuss] Reserved URI query parameter in draft-ietf-oauth-v2-bearer

Dick Hardt <dick.hardt@gmail.com> Tue, 17 April 2012 19:31 UTC

Please elaborate on what the issue is then as protecting API resources is what OAuth is all about. 

On Apr 17, 2012, at 12:19 PM, Eran Hammer wrote:

> That has nothing to do with this issue. The protected resources API format was never part of OAuth at any time.
>  
> EH
>  
> From: Dick Hardt [mailto:dick.hardt@gmail.com] 
> Sent: Tuesday, April 17, 2012 9:50 AM
> To: Eran Hammer
> Cc: Stephen Farrell; Mark Nottingham; Pete Resnick; Ned Freed; draft-ietf-oauth-v2-bearer.all@tools.ietf.org; Apps Discuss
> Subject: Re: [apps-discuss] Reserved URI query parameter in draft-ietf-oauth-v2-bearer
>
> On Apr 14, 2012, at 11:31 PM, Eran Hammer wrote:
>
> (Sticking with the naivety:-) So, what's different there from how the base
> oauth draft registers client_id and shows how that can be used in a GET
> request? [1]
> 
> Big difference. The base draft specifies its own endpoints as part of a complete API package for obtaining authorization. These parameters are scoped only for the endpoints defined and not for any others. There is no possibility of conflict because the specification defines the entire namespace.
> 
> OTOH, the bearer spec is applied to *any* web resources using OAuth authentication where some other namespace definition must exist.
>
> If we had kept it all in one spec as it had originally been drafted, this would not be an issue, and it would be easier for implementers to understand. I don't know of anyone looking to implement the bearer spec independent of the base spec. (would be interested if anyone does know of an implementation)