Re: [OAUTH-WG] Proposed resolution for issue 26
Julian Reschke <julian.reschke@gmx.de> Wed, 05 October 2011 07:20 UTC
Return-Path: <julian.reschke@gmx.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C4E021F8B46 for <oauth@ietfa.amsl.com>; Wed, 5 Oct 2011 00:20:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.043
X-Spam-Level:
X-Spam-Status: No, score=-103.043 tagged_above=-999 required=5 tests=[AWL=-0.444, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id THL9nm1MKr3e for <oauth@ietfa.amsl.com>; Wed, 5 Oct 2011 00:20:20 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id B283F21F8B45 for <oauth@ietf.org>; Wed, 5 Oct 2011 00:20:19 -0700 (PDT)
Received: (qmail invoked by alias); 05 Oct 2011 07:23:24 -0000
Received: from p5DCC39D6.dip.t-dialin.net (EHLO [192.168.178.36]) [93.204.57.214] by mail.gmx.net (mp044) with SMTP; 05 Oct 2011 09:23:24 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX1+ZyEg/u6eZ6KdS6D3ASNJs0CseLk7OpTMRaWWJ4r ipu6xBSbvn0TjF
Message-ID: <4E8C05EA.5060004@gmx.de>
Date: Wed, 05 Oct 2011 09:23:22 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: Mark Lentczner <mzero@google.com>
References: <4E1F6AAD24975D4BA5B16804296739435C1FC6A1@TK5EX14MBXC285.redmond.corp.microsoft.com> <CAC4RtVDOPaMif55L6JAU4C8aERHgt6M0ntet7GKwgQJbUQKMZw@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739435C2148B5@TK5EX14MBXC285.redmond.corp.microsoft.com> <255B9BB34FB7D647A506DC292726F6E1128FF826E5@WSMSG3153V.srv.dir.telstra.com> <CAC4RtVAj7UG-7kgo3CU5Q6eeJFXi2VciQHUoGL5WJ8iq5cmykg@mail.gmail.com> <CAGdjJpKTAAFq_YGXWOdhT7+Sxyaay5gbjx_ktha8Z6EYaxvtYA@mail.gmail.com> <CA+k3eCSiowbODXVis-HTZ+hTvwsA-b_XjLtKiL2Gy36hH_=z5w@mail.gmail.com> <CA+CHLQ5dFuUbFD2uQd0LjLrZHj++h+J58CxZk_WDF=_uYOK2Ng@mail.gmail.com>
In-Reply-To: <CA+CHLQ5dFuUbFD2uQd0LjLrZHj++h+J58CxZk_WDF=_uYOK2Ng@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Proposed resolution for issue 26
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2011 07:20:21 -0000
On 2011-10-05 01:52, Mark Lentczner wrote: > I think James has made the case that there is an issue clear. > > As for what to pick, I favor not restricting scopes in the core spec, > and clearly specifying the way scopes will be presented in HTTP headers > in the bearer spec. > > For the later, James supplies a nice list of the alternatives. > Personally, I think the URI-escaping is least likely to trip developers > up. One must be aware, though, that if there is only one scope string to > provide, and it meets the token production, then the scope needn't be in > quotes. > > I believe RFC 5987 is vast over-kill in this case. We have no need to > enable multiple different encodings, nor multiple encodings with a > single header. Further, I wonder how widespread support for it is in > various HTTP frameworks. To answer that: RFC 5987 requires recipients to support UTF-8 and ISO-8859-1: so *two* encoding schemes. RFC 5987bis which is currently under discussion restricts this further to UTF-8. HTTP frameworks that support Content-Disposition properly should have support for it. I'm not saying that many do right now, but the number is growing. Format-wise: the value field is the same as for URI encoding, except that it adds a prefix specifying the encoding (and the optional language). It's dead easy to parse as you can just split on single quotes, take the first as encoding name and the third as URI-encoded value. Finally, "just" specifying URI encoding still requires that people are told which encoding to use before percent encoding. In RFC 5987 this is explicit on the wire. If you do just URI encoding there's always the risk that people don't "get" it and just use what seems simple and works for ASCII (for instance, String.getBytes() without encoding parameter). Best regards, Julian
- [OAUTH-WG] Proposed resolution for issue 26 Mike Jones
- Re: [OAUTH-WG] Proposed resolution for issue 26 Barry Leiba
- Re: [OAUTH-WG] Proposed resolution for issue 26 Manger, James H
- Re: [OAUTH-WG] Proposed resolution for issue 26 Mike Jones
- Re: [OAUTH-WG] Proposed resolution for issue 26 Mike Jones
- Re: [OAUTH-WG] Proposed resolution for issue 26 Manger, James H
- Re: [OAUTH-WG] Proposed resolution for issue 26 Manger, James H
- Re: [OAUTH-WG] Proposed resolution for issue 26 Barry Leiba
- Re: [OAUTH-WG] Proposed resolution for issue 26 Julian Reschke
- Re: [OAUTH-WG] Proposed resolution for issue 26 Mike Jones
- Re: [OAUTH-WG] Proposed resolution for issue 26 Marius Scurtescu
- Re: [OAUTH-WG] Proposed resolution for issue 26 Brian Campbell
- Re: [OAUTH-WG] Proposed resolution for issue 26 Mark Lentczner
- Re: [OAUTH-WG] Proposed resolution for issue 26 Julian Reschke
- Re: [OAUTH-WG] Proposed resolution for issue 26 Justin Richer
- Re: [OAUTH-WG] Proposed resolution for issue 26 Julian Reschke