Re: [apps-discuss] Reserved URI query parameter in draft-ietf-oauth-v2-bearer
John C Klensin <john-ietf@jck.com> Fri, 13 April 2012 23:41 UTC
Return-Path: <john-ietf@jck.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C53011E813A for <apps-discuss@ietfa.amsl.com>; Fri, 13 Apr 2012 16:41:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.162
X-Spam-Level:
X-Spam-Status: No, score=-102.162 tagged_above=-999 required=5 tests=[AWL=-0.163, BAYES_00=-2.599, J_CHICKENPOX_43=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ehn-l67cpVO4 for <apps-discuss@ietfa.amsl.com>; Fri, 13 Apr 2012 16:41:42 -0700 (PDT)
Received: from bsa2.jck.com (ns.jck.com [70.88.254.51]) by ietfa.amsl.com (Postfix) with ESMTP id 2673511E8138 for <apps-discuss@ietf.org>; Fri, 13 Apr 2012 16:41:41 -0700 (PDT)
Received: from [198.252.137.7] (helo=PST.JCK.COM) by bsa2.jck.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1SIq2E-000GR4-3T; Fri, 13 Apr 2012 19:36:10 -0400
Date: Fri, 13 Apr 2012 19:41:25 -0400
From: John C Klensin <john-ietf@jck.com>
To: Carsten Bormann <cabo@tzi.org>, Tim Bray <tbray@textuality.com>
Message-ID: <727EF992755CC4973CC63C45@PST.JCK.COM>
In-Reply-To: <EA3F224E-B219-4753-8D6D-27A1BDDF97FB@tzi.org>
References: <4F866AC0.3000603@qualcomm.com> <0CBAEB56DDB3A140BA8E8C124C04ECA2FE2816@P3PWEX2MB008.ex2.secureserver.net> <CAHBU6iuR+2CfPsPdkjMJCSmzrX1B8_nLB=xp_NRZi7db78V8vw@mail.gmail.com> <EA3F224E-B219-4753-8D6D-27A1BDDF97FB@tzi.org>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Cc: Pete Resnick <presnick@qualcomm.com>, draft-ietf-oauth-v2-bearer.all@tools.ietf.org, Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] Reserved URI query parameter in draft-ietf-oauth-v2-bearer
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Apr 2012 23:41:42 -0000
--On Saturday, April 14, 2012 01:11 +0200 Carsten Bormann <cabo@tzi.org> wrote: > On Apr 12, 2012, at 18:34, Tim Bray wrote: > >> Well, it would claim it as a reserved paramater name if there >> a way to do such a thing, which there explicitly isn't in >> RFC3986. URIs are for most application purposes opaque >> strings; this breaks that and is a hideous architectural >> botch. > > I would like to turn this observation around. > > People put stuff like this into the URI because there are > applications where it would be useful to combine information > such as what we'd prefer to put into HTTP header fields with > URI information into one *thing*. (Or they put stuff into > Cookies because this URI munching doesn't always work very > well either.) > > Independent from the specific subject here (where there is > little point in further invention), I think it would be useful > to explore a little more the reasons for this and maybe find a > better way to carry around information that is ancillary to a > resource access. The recent http+aes brouhaha is another > (somewhat different, as it is client-side only) example for > this need, I think. (The way mailto: has evolved is an > example where this need could be met within the URI scheme.) Carsten, Just a quick personal opinion, related to your more general comment above but almost unrelated to the specific OAUTH parameter. We (that is IETF and W3C) made a decision (a very long time ago as these things go) to not establish an explicit terminator for the end of a URI tail. If we had such a terminator, we would now have a place, post-terminator, for putting "stuff" that is important but that would not foul up comparison of URIs. If we were smart about it, we might even establish a keyword registry for things hung off the end, thereby eliminating one of the other problems that people are concerned about. I don't know if it would be possible to revisit that decision at this point. Certainly it would be painful if it were even possible. But it seems to me that it, or something like it (an equally difficult possibility might be to figure out a way to hide qualifying information in the vicinity of the Method field) are, I think, the only ways that one can both insert information that is relevant to aspects of URIs generally without compromising either the ability to compare them of the assumption that anything that falls into the tail belongs to the target server and gets interpreted pretty much as it desires. regards, john
- [apps-discuss] Reserved URI query parameter in dr… Pete Resnick
- Re: [apps-discuss] Reserved URI query parameter i… Eran Hammer
- Re: [apps-discuss] Reserved URI query parameter i… Julian Reschke
- Re: [apps-discuss] Reserved URI query parameter i… Tim Bray
- Re: [apps-discuss] Reserved URI query parameter i… John C Klensin
- Re: [apps-discuss] Reserved URI query parameter i… Ned Freed
- Re: [apps-discuss] Reserved URI query parameter i… Mark Nottingham
- Re: [apps-discuss] Reserved URI query parameter i… Ned Freed
- Re: [apps-discuss] Reserved URI query parameter i… John C Klensin
- Re: [apps-discuss] Reserved URI query parameter i… John C Klensin
- Re: [apps-discuss] Reserved URI query parameter i… Stephen Farrell
- Re: [apps-discuss] Reserved URI query parameter i… Mark Nottingham
- Re: [apps-discuss] Reserved URI query parameter i… Tim Bray
- Re: [apps-discuss] Reserved URI query parameter i… Ned Freed
- Re: [apps-discuss] Reserved URI query parameter i… Stephen Farrell
- Re: [apps-discuss] Reserved URI query parameter i… Carsten Bormann
- Re: [apps-discuss] Reserved URI query parameter i… John C Klensin
- Re: [apps-discuss] Reserved URI query parameter i… Ned Freed
- Re: [apps-discuss] Reserved URI query parameter i… Tim Bray
- Re: [apps-discuss] Reserved URI query parameter i… Mike Jones
- Re: [apps-discuss] Reserved URI query parameter i… Dick Hardt
- Re: [apps-discuss] Reserved URI query parameter i… Dick Hardt
- Re: [apps-discuss] Reserved URI query parameter i… Eran Hammer
- Re: [apps-discuss] Reserved URI query parameter i… Stephen Farrell
- Re: [apps-discuss] Reserved URI query parameter i… Derek Atkins
- Re: [apps-discuss] Reserved URI query parameter i… William Mills
- Re: [apps-discuss] Reserved URI query parameter i… Stephen Farrell
- Re: [apps-discuss] Reserved URI query parameter i… William Mills
- Re: [apps-discuss] Reserved URI query parameter i… Eran Hammer
- Re: [apps-discuss] Reserved URI query parameter i… Mike Jones
- Re: [apps-discuss] Reserved URI query parameter i… Eran Hammer
- Re: [apps-discuss] Reserved URI query parameter i… Eran Hammer
- Re: [apps-discuss] Reserved URI query parameter i… Dick Hardt
- Re: [apps-discuss] Reserved URI query parameter i… Dick Hardt
- Re: [apps-discuss] Reserved URI query parameter i… Dick Hardt
- Re: [apps-discuss] Reserved URI query parameter i… William Mills
- Re: [apps-discuss] Reserved URI query parameter i… Mark Nottingham
- Re: [apps-discuss] Reserved URI query parameter i… Eran Hammer
- Re: [apps-discuss] Reserved URI query parameter i… Mark Nottingham
- Re: [apps-discuss] Reserved URI query parameter i… Mark Nottingham
- Re: [apps-discuss] Reserved URI query parameter i… Dick Hardt
- Re: [apps-discuss] Reserved URI query parameter i… Dick Hardt
- Re: [apps-discuss] Reserved URI query parameter i… Dick Hardt
- Re: [apps-discuss] Reserved URI query parameter i… Dick Hardt
- Re: [apps-discuss] Reserved URI query parameter i… Dick Hardt