IETF Logo Mail Archive

Re: [apps-discuss] Reserved URI query parameter in draft-ietf-oauth-v2-bearer

Tim Bray <tbray@textuality.com> Fri, 13 April 2012 22:07 UTC

Return-Path: <tbray@textuality.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39F6121F8460 for <apps-discuss@ietfa.amsl.com>; Fri, 13 Apr 2012 15:07:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.662
X-Spam-Level:
X-Spam-Status: No, score=-2.662 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a3iEEH27m2rA for <apps-discuss@ietfa.amsl.com>; Fri, 13 Apr 2012 15:07:02 -0700 (PDT)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by ietfa.amsl.com (Postfix) with ESMTP id 9C5D521F844D for <apps-discuss@ietf.org>; Fri, 13 Apr 2012 15:07:02 -0700 (PDT)
Received: by obbtb4 with SMTP id tb4so5394468obb.31 for <apps-discuss@ietf.org>; Fri, 13 Apr 2012 15:07:02 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding:x-gm-message-state; bh=bgzoHctOvFy3OFAVrXV/VsAdGa8P2KhPfS/1OUpdmEk=; b=gLW/aoC1U6tmMRa72HESgUwrlMyAeKJD50tPJqzJlUftLqevX5r26JnUgY2zmJKm4k cgruC5o+xN4giZTPeauQDH1+PQVmPRbmUDPmx2Bf4DvbD7Boz8CX2U+d6rkbOE+fP6sa NQH3QrhO/8KhZJ5IFDcdQDhgn7hrfLrY24cSCF9ctip3c4XExaYP56vC4R7YBf88m8tZ AuxepBYk9nALQf0HYZuAev9WpQIl6kEZlx/bXnNE9VQR4A4c+dLM6RSMA1fMUOilQu+S HElUTJT+NctlTOkBMjUg3nq79dC0VJwm1YVNfXrb0P6sScdG1ryMeOuSMXnzcxVH1GeX 46hA==
MIME-Version: 1.0
Received: by 10.182.177.99 with SMTP id cp3mr4631377obc.28.1334354822272; Fri, 13 Apr 2012 15:07:02 -0700 (PDT)
Received: by 10.182.29.6 with HTTP; Fri, 13 Apr 2012 15:07:02 -0700 (PDT)
X-Originating-IP: [76.10.185.119]
In-Reply-To: <4F8898A9.8020806@cs.tcd.ie>
References: <4F866AC0.3000603@qualcomm.com> <01OE8FW1U53G00ZUIL@mauve.mrochek.com> <82462DAA-5118-4108-AA5C-FBEBBC563D4E@mnot.net> <01OE921YMRSW00ZUIL@mauve.mrochek.com> <4F8898A9.8020806@cs.tcd.ie>
Date: Fri, 13 Apr 2012 15:07:02 -0700
Message-ID: <CAHBU6it6vxo=B85Q7fpzsVY97QD8jtbEs-pxvWHP-81zv8Ov4g@mail.gmail.com>
From: Tim Bray <tbray@textuality.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQmzcJ5KliHGkOToZ9SarGEoOXh5ylquG/0dlQcdMMEfFggyj/J5/we4N4IGxlQ+ak9tEd2E
Cc: Pete Resnick <presnick@qualcomm.com>, Mark Nottingham <mnot@mnot.net>, Ned Freed <ned.freed@mrochek.com>, Apps Discuss <apps-discuss@ietf.org>, draft-ietf-oauth-v2-bearer.all@tools.ietf.org
Subject: Re: [apps-discuss] Reserved URI query parameter in draft-ietf-oauth-v2-bearer
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Apr 2012 22:07:03 -0000

As I pointed out in the other thread on this, it’s an architectural
botch. Go and look in RFC3986 and find where it discusses reserving
keywords in this part of the URI.  Hey, it’s not there!  (hint, hint)

What *is* there is a lengthy discussion of the very important task,
done probably millions of times per second, of comparing two URIs and
deciding if they're equivalent, i.e. identify the same thing; this is
done by every piece of caching infrastructure and webcrawler.  Do all
these have to be retooled to peek in the arguments and change their
decision based on whether some bits are just outh_* crud?    (That
question is rhetorical).

This is a deeply bad idea. -T

On Fri, Apr 13, 2012 at 2:20 PM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
>
>
> On 04/13/2012 08:43 AM, Ned Freed wrote:
>> I certainly don't object to doing that. In fact I don't object to dropping this
>> nasty hack from the document, although perhaps documenting it as *not*
>> standardized and explaining why it sucks would be even better.
>
> So I've a possibly naive question:
>
> Why is it harmful to standardise a parameter name for use in
> query strings?
>
> Note: I'm not asking if access_token is a good or bad name for
> one of those, nor how exactly to standardise one well or badly,
> nor who should do that, but it seems from the comments here that
> some folks are against the idea of standardising anything after
> the authority is a bad idea, and I don't get why exactly that
> might be the case.
>
> Thanks,
> S.
>
> _______________________________________________
> apps-discuss mailing list
> apps-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/apps-discuss

v2.23.0 | Report a Bug | By Email