[OAUTH-WG] Section 10.3 client advice inapplicable?

Andrew Arnott <andrewarnott@gmail.com> Sun, 19 February 2012 15:08 UTC

From draft 23, section 10.3:

The client SHOULD request access tokens with the minimal scope and
lifetime necessary. The authorization server SHOULD take the client
identity into account when choosing how to honor the requested scope
and lifetime, and MAY issue an access token with a less rights than
requested.

I can't find the part in the spec where the client can request access
tokens in such a way as to influence the lifetime.  Why is the client then
being advised in the above section to minimize the lifetime of the access
tokens it asks for?

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre