IETF Logo Mail Archive

Re: [apps-discuss] Reserved URI query parameter in draft-ietf-oauth-v2-bearer

Dick Hardt <dick.hardt@gmail.com> Tue, 17 April 2012 16:49 UTC

Return-Path: <dick.hardt@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76AF711E8074 for <apps-discuss@ietfa.amsl.com>; Tue, 17 Apr 2012 09:49:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.448
X-Spam-Level:
X-Spam-Status: No, score=-3.448 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ABfbqZXuKSZ3 for <apps-discuss@ietfa.amsl.com>; Tue, 17 Apr 2012 09:49:57 -0700 (PDT)
Received: from mail-pz0-f54.google.com (mail-pz0-f54.google.com [209.85.210.54]) by ietfa.amsl.com (Postfix) with ESMTP id BA98421F8437 for <apps-discuss@ietf.org>; Tue, 17 Apr 2012 09:49:57 -0700 (PDT)
Received: by dady13 with SMTP id y13so11927623dad.27 for <apps-discuss@ietf.org>; Tue, 17 Apr 2012 09:49:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer; bh=bhAnDY5lHdI6I6PY9v4T1KWgZDGL3b6SRSlZMMNci8c=; b=WOPj4SO1EOt6etrvidK6T0L3yMjYeElKxJOla5OUXxl83Fszt2Ff7dQYVK47gB66zk KBs67Zw+Susyi3BG+ptMA8gEMMj9RzL1UeUY+0EPZHXYb6I+lz1hOeA2irpPH+zMvT2I 9GwMlmK45bY8DaVJ8wJST+2DTj7nfFmHlpc6DwEoANTWShdIn+r7zAdKDdt/RKaUOA55 haoO0varpPTS4asfMEWwnxpc7ovAlYHwoULXY3G5mEli6lUV+XajC3/OX1h0bWItegkY xNhD95o7xa/U1/khjZiXUsSFKzjpgrYIrOY2XZ7J9cpLZO9EkAA/pwiFYxGvbH2ygNQD PJ+A==
Received: by 10.68.200.162 with SMTP id jt2mr37392290pbc.54.1334681397545; Tue, 17 Apr 2012 09:49:57 -0700 (PDT)
Received: from [10.0.0.4] (c-24-5-69-173.hsd1.ca.comcast.net. [24.5.69.173]) by mx.google.com with ESMTPS id it8sm5040425pbc.56.2012.04.17.09.49.54 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 17 Apr 2012 09:49:55 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: multipart/alternative; boundary="Apple-Mail=_EA40CF75-8739-4B65-862D-45E3BF551821"
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA2FE83A2@P3PWEX2MB008.ex2.secureserver.net>
Date: Tue, 17 Apr 2012 09:49:53 -0700
Message-Id: <0608087F-1F83-4D19-9BA2-F2C58ED33F31@gmail.com>
References: <4F866AC0.3000603@qualcomm.com> <01OE8FW1U53G00ZUIL@mauve.mrochek.com> <82462DAA-5118-4108-AA5C-FBEBBC563D4E@mnot.net> <01OE921YMRSW00ZUIL@mauve.mrochek.com> <4F8898A9.8020806@cs.tcd.ie> <22B64109-DAFD-4F2A-B1DA-5950E732882A@mnot.net> <4F88AA3A.8040401@cs.tcd.ie> <0CBAEB56DDB3A140BA8E8C124C04ECA2FE83A2@P3PWEX2MB008.ex2.secureserver.net>
To: Eran Hammer <eran@hueniverse.com>
X-Mailer: Apple Mail (2.1257)
X-Mailman-Approved-At: Wed, 18 Apr 2012 08:08:49 -0700
Cc: Ned Freed <ned.freed@mrochek.com>, "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, Apps Discuss <apps-discuss@ietf.org>, Mark Nottingham <mnot@mnot.net>, Pete Resnick <presnick@qualcomm.com>
Subject: Re: [apps-discuss] Reserved URI query parameter in draft-ietf-oauth-v2-bearer
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Apr 2012 16:49:58 -0000

On Apr 14, 2012, at 11:31 PM, Eran Hammer wrote:

>> (Sticking with the naivety:-) So, what's different there from how the base
>> oauth draft registers client_id and shows how that can be used in a GET
>> request? [1]
> 
> Big difference. The base draft specifies its own endpoints as part of a complete API package for obtaining authorization. These parameters are scoped only for the endpoints defined and not for any others. There is no possibility of conflict because the specification defines the entire namespace.
> 
> OTOH, the bearer spec is applied to *any* web resources using OAuth authentication where some other namespace definition must exist.


If we had kept it all in one spec as it had originally been drafted, this would not be an issue, and it would be easier for implementers to understand. I don't know of anyone looking to implement the bearer spec independent of the base spec. (would be interested if anyone does know of an implementation)

v2.23.0 | Report a Bug | By Email