Re: [apps-discuss] Reserved URI query parameter in draft-ietf-oauth-v2-bearer

Ned Freed <ned.freed@mrochek.com> Fri, 13 April 2012 07:53 UTC

Message-id: <01OE921YMRSW00ZUIL@mauve.mrochek.com>
Date: Fri, 13 Apr 2012 00:43:24 -0700
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Thu, 12 Apr 2012 18:04:53 -0500" <82462DAA-5118-4108-AA5C-FBEBBC563D4E@mnot.net>
MIME-version: 1.0
Content-type: TEXT/PLAIN
References: <4F866AC0.3000603@qualcomm.com> <01OE8FW1U53G00ZUIL@mauve.mrochek.com> <82462DAA-5118-4108-AA5C-FBEBBC563D4E@mnot.net>
To: Mark Nottingham <mnot@mnot.net>
Cc: Pete Resnick <presnick@qualcomm.com>, Ned Freed <ned.freed@mrochek.com>, draft-ietf-oauth-v2-bearer.all@tools.ietf.org, Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] Reserved URI query parameter in draft-ietf-oauth-v2-bearer

> On 12/04/2012, at 4:15 PM, Ned Freed wrote:
> >
> > Pete, I think the issue is moot at this point. A quick google search clearly
> > shows that this stuff is already deployed by multiple vendors, including use of
> > access_token. As such, it is effectively impossible to change it at this point.
> >
> > I have to say I would have been a lot more comfortable with a name like
> > oauth_access_token that removes the possibility of conflict with other uses,
> > but at this point it's a "grin and bear it" situation AFAICT.

> I would still like to see us do the right thing by the W3C, and I don't see
> why the IESG can't insert language that cautions against this (as well as
> future things like it).

I certainly don't object to doing that. In fact I don't object to dropping this
nasty hack from the document, although perhaps documenting it as *not*
standardized and explaining why it sucks would be even better.

But I also think that believing this will prevent or even significantly limit
its use is probably unrealistic given how far its deployment appears to have
gotten.

				Ned