[OAUTH-WG] scp claim in draft-ietf-oauth-token-exchange-12

Torsten Lodderstedt <torsten@lodderstedt.net> Sun, 15 April 2018 16:43 UTC

From: Torsten Lodderstedt <torsten@lodderstedt.net>
Message-Id: <C1972A3F-98FD-44FF-8090-2C141A801F76@lodderstedt.net>
Date: Sun, 15 Apr 2018 18:43:03 +0200
To: oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/5M3B2GSxeyOqsj2UtVbSbFPyh5A>
Subject: [OAUTH-WG] scp claim in draft-ietf-oauth-token-exchange-12

Hi all,

I’m wondering why draft-ietf-oauth-token-exchange-12 defines a claim “scp” to carry scope values while RFC 7591 and RFC 7662 use a claim “scope” for the same purpose. As far as I understand the text, the intention is to represent a list of RFC 6749 scopes. Is this correct? What’s the rationale behind this?

Different claim names for representing scope values confuse people. I realized that when one of our developers pointed out that difference recently. 

best regards,