Re: [OAUTH-WG] Proposed resolution for issue 26
Mark Lentczner <mzero@google.com> Tue, 04 October 2011 23:49 UTC
Return-Path: <mzero@google.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A691921F8C44 for <oauth@ietfa.amsl.com>; Tue, 4 Oct 2011 16:49:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.976
X-Spam-Level:
X-Spam-Status: No, score=-105.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fvo-LxVN-Wu0 for <oauth@ietfa.amsl.com>; Tue, 4 Oct 2011 16:49:57 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.67]) by ietfa.amsl.com (Postfix) with ESMTP id AD61721F8CA1 for <oauth@ietf.org>; Tue, 4 Oct 2011 16:49:56 -0700 (PDT)
Received: from wpaz24.hot.corp.google.com (wpaz24.hot.corp.google.com [172.24.198.88]) by smtp-out.google.com with ESMTP id p94NquTE017308 for <oauth@ietf.org>; Tue, 4 Oct 2011 16:52:57 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1317772377; bh=yEdPycReIS34EP9e2UTCsH1smHI=; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject: To:Content-Type; b=wyONH5RYoe7Md5nuhrGK8HnTz3qGDxjDKt6h7guY/gL+tGccOQ/JGHruxRXFI05tP quFb0+C5zacHUH7ipctuA==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=dkim-signature:mime-version:in-reply-to:references:from:date: message-id:subject:to:content-type:x-system-of-record; b=Hd9u/OZJCojtWtY4bffdaL1iTHXnAZ/1dfANLz4JfZy79uAznPhDpwPDH7s4gUGVh m1B4bFCwwMCKFsSKUm68Q==
Received: from iabn5 (iabn5.prod.google.com [10.12.90.5]) by wpaz24.hot.corp.google.com with ESMTP id p94NpcDU008309 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <oauth@ietf.org>; Tue, 4 Oct 2011 16:52:55 -0700
Received: by iabn5 with SMTP id n5so1585838iab.24 for <oauth@ietf.org>; Tue, 04 Oct 2011 16:52:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=PHLNJ5y8cEsfOS20+iHr0SgqiJ1z2SX/iOg1Xbi4hGQ=; b=XulrbuIFmCsxbnbIRzjv+y77hdEYer1GugaAp1SUMd4SxTAHIBS+UovgQXXptDrO/k m+rHHsHtDYrsckLBdpeQ==
Received: by 10.231.73.139 with SMTP id q11mr3100888ibj.97.1317772375235; Tue, 04 Oct 2011 16:52:55 -0700 (PDT)
Received: by 10.231.73.139 with SMTP id q11mr3100883ibj.97.1317772375093; Tue, 04 Oct 2011 16:52:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.32.140 with HTTP; Tue, 4 Oct 2011 16:52:35 -0700 (PDT)
In-Reply-To: <CA+k3eCSiowbODXVis-HTZ+hTvwsA-b_XjLtKiL2Gy36hH_=z5w@mail.gmail.com>
References: <4E1F6AAD24975D4BA5B16804296739435C1FC6A1@TK5EX14MBXC285.redmond.corp.microsoft.com> <CAC4RtVDOPaMif55L6JAU4C8aERHgt6M0ntet7GKwgQJbUQKMZw@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739435C2148B5@TK5EX14MBXC285.redmond.corp.microsoft.com> <255B9BB34FB7D647A506DC292726F6E1128FF826E5@WSMSG3153V.srv.dir.telstra.com> <CAC4RtVAj7UG-7kgo3CU5Q6eeJFXi2VciQHUoGL5WJ8iq5cmykg@mail.gmail.com> <CAGdjJpKTAAFq_YGXWOdhT7+Sxyaay5gbjx_ktha8Z6EYaxvtYA@mail.gmail.com> <CA+k3eCSiowbODXVis-HTZ+hTvwsA-b_XjLtKiL2Gy36hH_=z5w@mail.gmail.com>
From: Mark Lentczner <mzero@google.com>
Date: Tue, 04 Oct 2011 16:52:35 -0700
Message-ID: <CA+CHLQ5dFuUbFD2uQd0LjLrZHj++h+J58CxZk_WDF=_uYOK2Ng@mail.gmail.com>
To: oauth@ietf.org
Content-Type: multipart/alternative; boundary="000e0cd4b0ee4ff35f04ae81cabd"
X-System-Of-Record: true
Subject: Re: [OAUTH-WG] Proposed resolution for issue 26
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2011 23:49:57 -0000
I think James has made the case that there is an issue clear. As for what to pick, I favor not restricting scopes in the core spec, and clearly specifying the way scopes will be presented in HTTP headers in the bearer spec. For the later, James supplies a nice list of the alternatives. Personally, I think the URI-escaping is least likely to trip developers up. One must be aware, though, that if there is only one scope string to provide, and it meets the token production, then the scope needn't be in quotes. I believe RFC 5987 is vast over-kill in this case. We have no need to enable multiple different encodings, nor multiple encodings with a single header. Further, I wonder how widespread support for it is in various HTTP frameworks. - Mark
- [OAUTH-WG] Proposed resolution for issue 26 Mike Jones
- Re: [OAUTH-WG] Proposed resolution for issue 26 Barry Leiba
- Re: [OAUTH-WG] Proposed resolution for issue 26 Manger, James H
- Re: [OAUTH-WG] Proposed resolution for issue 26 Mike Jones
- Re: [OAUTH-WG] Proposed resolution for issue 26 Mike Jones
- Re: [OAUTH-WG] Proposed resolution for issue 26 Manger, James H
- Re: [OAUTH-WG] Proposed resolution for issue 26 Manger, James H
- Re: [OAUTH-WG] Proposed resolution for issue 26 Barry Leiba
- Re: [OAUTH-WG] Proposed resolution for issue 26 Julian Reschke
- Re: [OAUTH-WG] Proposed resolution for issue 26 Mike Jones
- Re: [OAUTH-WG] Proposed resolution for issue 26 Marius Scurtescu
- Re: [OAUTH-WG] Proposed resolution for issue 26 Brian Campbell
- Re: [OAUTH-WG] Proposed resolution for issue 26 Mark Lentczner
- Re: [OAUTH-WG] Proposed resolution for issue 26 Julian Reschke
- Re: [OAUTH-WG] Proposed resolution for issue 26 Justin Richer
- Re: [OAUTH-WG] Proposed resolution for issue 26 Julian Reschke