IETF Logo Mail Archive

Re: [OAUTH-WG] Clarification on whether arguments can contain empty values

Eran Hammer-Lahav <eran@hueniverse.com> Tue, 15 June 2010 16:43 UTC

Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 627443A6B0B for <oauth@core3.amsl.com>; Tue, 15 Jun 2010 09:43:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Level:
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[AWL=0.478, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zh3Sws-IXlLS for <oauth@core3.amsl.com>; Tue, 15 Jun 2010 09:43:46 -0700 (PDT)
Received: from p3plex1out01.prod.phx3.secureserver.net (p3plex1out01.prod.phx3.secureserver.net [72.167.180.17]) by core3.amsl.com (Postfix) with SMTP id 65A273A6B0D for <oauth@ietf.org>; Tue, 15 Jun 2010 09:43:46 -0700 (PDT)
Received: (qmail 20934 invoked from network); 15 Jun 2010 16:43:50 -0000
Received: from unknown (HELO smtp.ex1.secureserver.net) (72.167.180.19) by p3plex1out01.prod.phx3.secureserver.net with SMTP; 15 Jun 2010 16:43:50 -0000
Received: from P3PW5EX1MB01.EX1.SECURESERVER.NET ([10.6.135.20]) by P3PW5EX1HT001.EX1.SECURESERVER.NET ([72.167.180.19]) with mapi; Tue, 15 Jun 2010 09:43:42 -0700
From: Eran Hammer-Lahav <eran@hueniverse.com>
To: Andrew Arnott <andrewarnott@gmail.com>, "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Date: Tue, 15 Jun 2010 09:43:48 -0700
Thread-Topic: [OAUTH-WG] Clarification on whether arguments can contain empty values
Thread-Index: AcsMkoMxR+TvUkakS568T9Sy44f9VwAF1ZSQ
Message-ID: <90C41DD21FB7C64BB94121FBBC2E72343B3EBB6A36@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <AANLkTilaQF2ekUiICodnfDcaN67YACulK4xqoAGVFkox@mail.gmail.com>
In-Reply-To: <AANLkTilaQF2ekUiICodnfDcaN67YACulK4xqoAGVFkox@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_90C41DD21FB7C64BB94121FBBC2E72343B3EBB6A36P3PW5EX1MB01E_"
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Clarification on whether arguments can contain empty values
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jun 2010 16:43:47 -0000

The best way to address this is to write more resilient servers. Servers should accept empty optional parameters.

EHL

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Andrew Arnott
Sent: Tuesday, June 15, 2010 6:56 AM
To: OAuth WG (oauth@ietf.org)
Subject: [OAUTH-WG] Clarification on whether arguments can contain empty values

Can we get some clarification into the spec as to whether optional parameters can be present but empty?  Particularly parameters such as tokens that obviously cannot be meaningful when having an empty value.  This was a muddy issue in the OpenID spec, where some implementations would include empty parameters rather than just omitting them, breaking other implementations that would expect that if the parameter is present it ought to have a meaningful value.

My own vote: parameters must have valid values (non-empty) if they are present, unless they are opaque strings (like client state) that the remote party doesn't have to do anything but imitate back anyway.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre

v2.45.0 | Report a Bug | By Email | System Status