IETF Logo Mail Archive

Re: [OAUTH-WG] Possible alternative resolution to issue 26

Mike Jones <Michael.Jones@microsoft.com> Fri, 07 October 2011 08:58 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 729F621F8A56 for <oauth@ietfa.amsl.com>; Fri, 7 Oct 2011 01:58:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.516
X-Spam-Level:
X-Spam-Status: No, score=-10.516 tagged_above=-999 required=5 tests=[AWL=0.083, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xFlj6ZWO4xwq for <oauth@ietfa.amsl.com>; Fri, 7 Oct 2011 01:58:06 -0700 (PDT)
Received: from smtp.microsoft.com (mailb.microsoft.com [131.107.115.215]) by ietfa.amsl.com (Postfix) with ESMTP id 929CC21F8A35 for <oauth@ietf.org>; Fri, 7 Oct 2011 01:58:06 -0700 (PDT)
Received: from TK5EX14MLTC104.redmond.corp.microsoft.com (157.54.79.159) by TK5-EXGWY-E802.partners.extranet.microsoft.com (10.251.56.168) with Microsoft SMTP Server (TLS) id 8.2.176.0; Fri, 7 Oct 2011 02:01:19 -0700
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.142]) by TK5EX14MLTC104.redmond.corp.microsoft.com ([157.54.79.159]) with mapi id 14.01.0339.002; Fri, 7 Oct 2011 02:01:19 -0700
From: Mike Jones <Michael.Jones@microsoft.com>
To: Barry Leiba <barryleiba@computer.org>, "Thomson, Martin" <Martin.Thomson@commscope.com>
Thread-Topic: [OAUTH-WG] Possible alternative resolution to issue 26
Thread-Index: Acx+2PHmt3CFeZd3Q9qsd+qVAY1q8gCGXHeAADaHZIAAGpwHEAAVgBWAABcn+4AAAZ5AgAAAWuaAAAC2sIAAAXuIAAAOfxNwABJ+pGD//1kTAP/8t1Ug
Date: Fri, 07 Oct 2011 09:01:18 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739435C22C90F@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739435C21DD2C@TK5EX14MBXC284.redmond.corp.microsoft.com> <255B9BB34FB7D647A506DC292726F6E1129015546C@WSMSG3153V.srv.dir.telstra.com> <1317621663.4810.YahooMailNeo@web31813.mail.mud.yahoo.com> <4E1F6AAD24975D4BA5B16804296739435C226298@TK5EX14MBXC284.redmond.corp.microsoft.com> <1317704315.93442.YahooMailNeo@web31811.mail.mud.yahoo.com> <4E8B2DE1.2090706@mtcc.com> <C2C10679-2611-415B-80B7-8526937C1E82@oracle.com> <1317747487.89926.YahooMailNeo@web31809.mail.mud.yahoo.com> <6B898133-E7D0-45B1-9E3B-3B6DAFCDF671@oracle.com> <CAGdjJpJ+XkyPAJXEJa-3p3tNTxKzMpZXSHmH3H-m-7T9v=4x0Q@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739435C2276BD@TK5EX14MBXC284.redmond.corp.microsoft.com> <27AFD040F6F8AA4193E0614E2E3AF9C910D2F0CAAA@SISPE7MB1.commscope.com> <CAC4RtVBkhHNF7dtfwhVr9oNa2+y+JT-sTaYY1nm2=rWu2s2tQQ@mail.gmail.com>
In-Reply-To: <CAC4RtVBkhHNF7dtfwhVr9oNa2+y+JT-sTaYY1nm2=rWu2s2tQQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.32]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Possible alternative resolution to issue 26
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Oct 2011 08:58:07 -0000

Introducing URI semantics for scope values containing colons seems like unnecessary and unmotivated invention at this point.  In the core spec, scope values are case-sensitive strings separated by spaces.  That's it.  Nothing about URIs or colons.  I believe that the scope semantics of the core and bearer specs should be consistent; this would not be.

Writing as an individual working group member...
				-- Mike

-----Original Message-----
From: barryleiba.mailing.lists@gmail.com [mailto:barryleiba.mailing.lists@gmail.com] On Behalf Of Barry Leiba
Sent: Tuesday, October 04, 2011 4:48 PM
To: Thomson, Martin
Cc: Mike Jones; Marius Scurtescu; Phil Hunt; oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Possible alternative resolution to issue 26

>> Existing practice is that simple ASCII strings like "email" 
>> "profile", "openid", etc. are used as scope elements.  Requiring them 
>> to be URIs would break most existing practice.
>
> Constraining syntax to an ascii token OR a URI (relative reference) 
> might work.  Anything with a colon can be interpreted as a URI; 
> anything without better use a constrained set of characters.

This sounds like a good compromise.  URI encoding is already specified elsewhere, and then ASCII tokens can be limited as they already are, with no encoding.

Are there any objections to this approach?

Barry

v2.39.1 | Report a Bug | By Email | System Status