IETF Logo Mail Archive

Re: [apps-discuss] Reserved URI query parameter in draft-ietf-oauth-v2-bearer

Dick Hardt <dick.hardt@gmail.com> Sat, 14 April 2012 08:24 UTC

Return-Path: <dick.hardt@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C43D21F85C4 for <apps-discuss@ietfa.amsl.com>; Sat, 14 Apr 2012 01:24:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.298
X-Spam-Level:
X-Spam-Status: No, score=-3.298 tagged_above=-999 required=5 tests=[AWL=-0.299, BAYES_00=-2.599, J_CHICKENPOX_35=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9D59kOPAqO6e for <apps-discuss@ietfa.amsl.com>; Sat, 14 Apr 2012 01:24:41 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by ietfa.amsl.com (Postfix) with ESMTP id D2D1D21F85B8 for <apps-discuss@ietf.org>; Sat, 14 Apr 2012 01:24:39 -0700 (PDT)
Received: by pbbrp16 with SMTP id rp16so2510076pbb.31 for <apps-discuss@ietf.org>; Sat, 14 Apr 2012 01:24:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; bh=c4+S2oVHpUodNE3GKhkxc4vwTo1xJrBVfsh2HnvZ5fA=; b=ZNN1jUY8Xfz36zm6EfTl1CGtAF9Vr+KjxBUU05oGThaQmuGSfWlAg+lWnBoJncwj2b wSA9AfvJsOGA9yDjh2j53HwhlGGQHIlK5PdBdJiKR2khxxQSto4U7Zs4N8p58U7nD0Sr 2QcM4PFYI8pTSB3kEtUEZMgNvk8YfQ/I1O+SDxlexgQTtoPguskK+Pky4+zIh4ynkD3u 4NGCGpeFYIobX+4kK6+lWx74Gn+qG1LHkByFcb+fKmYyvRfqPgdaHgqbvhPDrt8916z3 vxux1Et6q2FN+DdD88QydpOaT2SQmteiRhotlpenjKLdZKpXIMiZL9y82XXiUrojeVT+ jYeA==
Received: by 10.68.138.232 with SMTP id qt8mr10903340pbb.114.1334391879593; Sat, 14 Apr 2012 01:24:39 -0700 (PDT)
Received: from [10.0.0.91] (c-24-5-69-173.hsd1.ca.comcast.net. [24.5.69.173]) by mx.google.com with ESMTPS id qb10sm6615823pbb.75.2012.04.14.01.24.37 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 14 Apr 2012 01:24:38 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: text/plain; charset="windows-1252"
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <CAHBU6isCwrEVmtc4wtsOaFwWULBY8eh3x=vQkKp-_ZNmOkLKBg@mail.gmail.com>
Date: Sat, 14 Apr 2012 01:24:36 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <898E78D1-DFFB-4B8B-9C75-7A2BD0D34CBE@gmail.com>
References: <4F866AC0.3000603@qualcomm.com> <0CBAEB56DDB3A140BA8E8C124C04ECA2FE2816@P3PWEX2MB008.ex2.secureserver.net> <CAHBU6iuR+2CfPsPdkjMJCSmzrX1B8_nLB=xp_NRZi7db78V8vw@mail.gmail.com> <EA3F224E-B219-4753-8D6D-27A1BDDF97FB@tzi.org> <01OEACFVDL5O00ZUIL@mauve.mrochek.com> <E88A83EE-1212-4747-BFE4-F147B49EE088@gmail.com> <CAHBU6isCwrEVmtc4wtsOaFwWULBY8eh3x=vQkKp-_ZNmOkLKBg@mail.gmail.com>
To: Tim Bray <tbray@textuality.com>
X-Mailer: Apple Mail (2.1257)
X-Mailman-Approved-At: Sat, 14 Apr 2012 13:04:57 -0700
Cc: Ned Freed <ned.freed@mrochek.com>, Apps Discuss <apps-discuss@ietf.org>, "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, Pete Resnick <presnick@qualcomm.com>, Dick Hardt <dick.hardt@gmail.com>
Subject: Re: [apps-discuss] Reserved URI query parameter in draft-ietf-oauth-v2-bearer
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Apr 2012 08:24:42 -0000

Thanks Tim.

I did not see any discussion on normalizing key=value pairs. One would assume that http://exmaple.com/?a=1&b=2 is equivalent to http://exmaple.com/?b=2&a=1 -- but that does not seem to be significant here.

There are numerous practical reasons for the bearer token to be able to be passed as a query parameter which I would be happy to enumerate if anyone is interested. (so far no one has asked :)

I'm trying to understand the desire to remove this functionality, and after reading the spec my take away is a desire to not specify a query parameter. What am I missing?

-- Dick

On Apr 14, 2012, at 12:58 AM, Tim Bray wrote:
> That would be http://tools.ietf.org/html/rfc3986#section-6
> 
> The fact that it’s kind of long, but still doesn’t find room for
> reserved ?key=val pairs, is significant in this context. -T
> 
> On Sat, Apr 14, 2012 at 12:43 AM, Dick Hardt <dick.hardt@gmail.com> wrote:
>> 
>> On Apr 13, 2012, at 10:58 PM, Ned Freed wrote:
>> 
>> 
>> That said, the rules are what they are, and comparison of URIs has to be
>> taken
>> into account.
>> 
>> 
>> What is the URI comparison rule you are referring to?
>> 
>> -- Dick

v2.23.0 | Report a Bug | By Email