Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions

Mike Jones <Michael.Jones@microsoft.com> Wed, 19 October 2011 17:27 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Marius Scurtescu <mscurtescu@google.com>, Julian Reschke <julian.reschke@gmx.de>
Cc: OAuth WG <oauth@ietf.org>

Yes, it covers all the characters legal in URIs.  Per earlier discussion on the list, scopes are not restricted to being URIs, as existing practice includes scope elements that are not URIs such as "email", "profile", and "openid".

				-- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Marius Scurtescu
Sent: Wednesday, October 19, 2011 10:24 AM
To: Julian Reschke
Cc: OAuth WG
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions

Marius



On Tue, Oct 18, 2011 at 9:39 AM, Julian Reschke <julian.reschke@gmx.de> wrote:
> On 2011-10-18 17:38, Eran Hammer-Lahav wrote:
>>
>> Space is allowed inside a quoted string and is already not allowed 
>> inside each scope string.
>>
>> EHL
>> ...
>
> a) yes.
>
> b) well:
>
>   The value of the scope parameter is expressed as a list of
>   space-delimited, case sensitive strings.  The strings are defined by
>   the authorization server.  If the value contains multiple
>   space-delimited strings, their order does not matter, and each
>   string adds an additional access range to the requested scope.
>
> That certainly implies that you can't have a space inside a token, but 
> it could be clearer.
>
> Optimally, state the character repertoire precisely:
>
>  scopetokenchar =  %x21 / %x23-5B / %x5D-7E
>  ; HTTPbis P1 qdtext except whitespace, restricted to US-ASCII
>
> ?

Is this covering all characters allowed in a URI? Why not define scopes as a list of URIs?

>
> Best regards, Julian
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
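
The character repertoire proposed in this thread, as an added example that is not part of any message above: a Python validator for `scopetokenchar = %x21 / %x23-5B / %x5D-7E` that also checks the claim that every character legal in a URI falls inside it. The function names, the RFC 3986 character list, and the strict single-space delimiter are assumptions of this example.

```python
import string

# scopetokenchar = %x21 / %x23-5B / %x5D-7E  (the ABNF proposed in the thread)
SCOPE_TOKEN_CHARS = frozenset(
    chr(c) for c in (0x21, *range(0x23, 0x5C), *range(0x5D, 0x7F))
)

# Assumption: "characters legal in URIs" means RFC 3986 unreserved,
# gen-delims and sub-delims, plus "%" for percent-encoding.
URI_CHARS = frozenset(
    string.ascii_letters + string.digits + "-._~" + ":/?#[]@" + "!$&'()*+,;=" + "%"
)


def parse_scope(value):
    """Validate a scope value and return its tokens as a set.

    Order does not matter per the quoted spec text, hence a set.
    Assumption: tokens are separated by exactly one space (0x20).
    """
    tokens = value.split(" ")
    for tok in tokens:
        if not tok:
            raise ValueError("empty scope token (leading, trailing or doubled space)")
        bad = sorted(set(tok) - SCOPE_TOKEN_CHARS)
        if bad:
            raise ValueError(f"illegal character(s) {bad!r} in scope token {tok!r}")
    return frozenset(tokens)


def uri_chars_outside_repertoire():
    """URI characters not covered by scopetokenchar."""
    return URI_CHARS - SCOPE_TOKEN_CHARS


def excluded_printable_ascii():
    """Printable US-ASCII (0x20-0x7E) that the repertoire leaves out."""
    return {chr(c) for c in range(0x20, 0x7F)} - SCOPE_TOKEN_CHARS


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(sorted(parse_scope("openid email https://example.com/auth/calendar")))
    print(sorted(uri_chars_outside_repertoire()))   # URI characters not covered
    print(sorted(excluded_printable_ascii()))       # printable ASCII left out
```

The three printable characters the repertoire omits are the space (the delimiter), the double quote and the backslash, so a valid scope value can be carried inside an HTTP quoted-string without any escaping.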