Re: [OAUTH-WG] AD review of -22
John Bradley <ve7jtb@ve7jtb.com> Wed, 02 November 2011 21:04 UTC
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 881E61F0C5D for <oauth@ietfa.amsl.com>; Wed, 2 Nov 2011 14:04:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.537
X-Spam-Level:
X-Spam-Status: No, score=-3.537 tagged_above=-999 required=5 tests=[AWL=0.062, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1R7jftmGiEDI for <oauth@ietfa.amsl.com>; Wed, 2 Nov 2011 14:04:35 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id D03371F0C59 for <oauth@ietf.org>; Wed, 2 Nov 2011 14:04:34 -0700 (PDT)
Received: by ywt2 with SMTP id 2so627918ywt.31 for <oauth@ietf.org>; Wed, 02 Nov 2011 14:04:34 -0700 (PDT)
Received: by 10.236.154.3 with SMTP id g3mr9853439yhk.119.1320267874416; Wed, 02 Nov 2011 14:04:34 -0700 (PDT)
Received: from [192.168.1.213] ([190.22.4.104]) by mx.google.com with ESMTPS id q57sm5860606yhi.22.2011.11.02.14.04.31 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 02 Nov 2011 14:04:32 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: multipart/signed; boundary="Apple-Mail=_ACCFE374-8654-48AE-AA32-BC018A410705"; protocol="application/pkcs7-signature"; micalg="sha1"
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E72345263321026@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Date: Wed, 02 Nov 2011 18:04:29 -0300
Message-Id: <F83519DD-9BE1-4616-AE7B-B5116BD7C3E4@ve7jtb.com>
References: <4E971C36.7050000@cs.tcd.ie> <4EB19DD1.6050904@lodderstedt.net>, <5E3E5DFE-C122-4D89-9578-61A6C16EBD76@ve7jtb.com> <90C41DD21FB7C64BB94121FBBC2E72345263321025@P3PW5EX1MB01.EX1.SECURESERVER.NET> <F5B0E1D6-2377-4487-8D23-8E55CCABB260@ve7jtb.com>, <4EB1ABDF.4030509@cs.tcd.ie> <90C41DD21FB7C64BB94121FBBC2E72345263321026@P3PW5EX1MB01.EX1.SECURESERVER.NET>
To: Eran Hammer-Lahav <eran@hueniverse.com>
X-Mailer: Apple Mail (2.1251.1)
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] AD review of -22
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2011 21:04:35 -0000
I could probably live with the client needing to support both token types if we quite narrowly define client as a general purpose library designed to support multiple protocols using OAuth for authorization. That however is not the general use of the term in OAuth 2.0. Many clients will be optimized to work only with Bearer + TLS knowing in advance that the protocols they are used with only require Bearer. John B. On 2011-11-02, at 5:47 PM, Eran Hammer-Lahav wrote: > The problem is centered on the definition of a client. If it is a service specific implementation which is merely using OAuth for access, there isn't any interop requirements other than making sure the client and server are compatible. But if the client is a general purpose OAuth library or generic client (e.g. CURL), then the MTI becomes critical for any real interop. > > I don't have a strong prefernece here, but we should clearly define the client characteristics in this discussion since an OAuth client isn't usually similar to an HTTP client in its interop reality. > > I am not sure how to craft this language into spec form, but we might want to list such a MTI requirement in terms of a 'client designed to work across multiuple providers such as a general purpose library'. > > EHL > > ________________________________________ > From: Stephen Farrell [stephen.farrell@cs.tcd.ie] > Sent: Wednesday, November 02, 2011 1:45 PM > To: John Bradley > Cc: Eran Hammer-Lahav; oauth@ietf.org > Subject: Re: [OAUTH-WG] AD review of -22 > > So perhaps this is the interesting point of difference. > > On 11/02/2011 08:37 PM, John Bradley wrote: >> It is up to the server to decide what formats it will support. > > With IETF protocols, its IETF consensus that decides this in > almost all cases that affect interop and it is therefore not > up to the specific server deployment admin what the server > code will support. > > I think this case affects interop. and should be treated > as for any other IETF protocol. Am I wrong? > > S
- [OAUTH-WG] AD review of -22 Stephen Farrell
- Re: [OAUTH-WG] AD review of -22 Eran Hammer-Lahav
- Re: [OAUTH-WG] AD review of -22 Torsten Lodderstedt
- Re: [OAUTH-WG] AD review of -22 John Bradley
- Re: [OAUTH-WG] AD review of -22 Eran Hammer-Lahav
- Re: [OAUTH-WG] AD review of -22 Phil Hunt
- Re: [OAUTH-WG] AD review of -22 Justin Richer
- Re: [OAUTH-WG] AD review of -22 Stephen Farrell
- Re: [OAUTH-WG] AD review of -22 Mike Jones
- Re: [OAUTH-WG] AD review of -22 Stephen Farrell
- Re: [OAUTH-WG] AD review of -22 John Bradley
- Re: [OAUTH-WG] AD review of -22 Phillip Hunt
- Re: [OAUTH-WG] AD review of -22 Stephen Farrell
- Re: [OAUTH-WG] AD review of -22 Torsten Lodderstedt
- Re: [OAUTH-WG] AD review of -22 Eran Hammer-Lahav
- Re: [OAUTH-WG] AD review of -22 John Bradley
- Re: [OAUTH-WG] AD review of -22 André DeMarre
- Re: [OAUTH-WG] AD review of -22 William Mills
- Re: [OAUTH-WG] AD review of -22 Justin Richer
- Re: [OAUTH-WG] AD review of -22 Eran Hammer-Lahav
- Re: [OAUTH-WG] AD review of -22 Phil Hunt
- Re: [OAUTH-WG] AD review of -22 Michael Thomas
- Re: [OAUTH-WG] AD review of -22 William Mills