[OAUTH-WG] Change grant_type="none" to something less confusing

Justin Richer <jricher@mitre.org> Fri, 16 July 2010 16:30 UTC

From: Justin Richer <jricher@mitre.org>
To: OAuth WG <oauth@ietf.org>
Date: Fri, 16 Jul 2010 12:30:26 -0400

The choice of the value "none" for the grant_type parameter in the
client-credentials case is confusing. I understand the philosophy behind
this choice, but I think that calling it "none" here gives the wrong
impression. It almost sounds like it's a deny-request at first glance,
or even a revoke request of some type. Furthermore, I'd say that there
really is an access grant being made here, but it's implicit, and given
to the client directly and not to an end user. 

I propose we change this key to "client", "implicit", "direct", or
something other than "none" to avoid this kind of confusion. Along with
this, I would also like the paragraph in 4.1 describing the usage of
this grant type to be pulled into its own (admittedly short) subsection.
In this way, someone looking to implement this style of auth will have
somewhere concrete to look, bringing this method on par with others in
section 4.1. 

 -- Justin