Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions
Mike Jones <Michael.Jones@microsoft.com> Sun, 16 October 2011 05:12 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EC2921F8678 for <oauth@ietfa.amsl.com>; Sat, 15 Oct 2011 22:12:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.698
X-Spam-Level:
X-Spam-Status: No, score=-9.698 tagged_above=-999 required=5 tests=[AWL=0.901, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WA55U+-AQHZ3 for <oauth@ietfa.amsl.com>; Sat, 15 Oct 2011 22:12:33 -0700 (PDT)
Received: from smtp.microsoft.com (mail2.microsoft.com [131.107.115.215]) by ietfa.amsl.com (Postfix) with ESMTP id AD83D21F85B1 for <oauth@ietf.org>; Sat, 15 Oct 2011 22:12:33 -0700 (PDT)
Received: from TK5EX14HUBC102.redmond.corp.microsoft.com (157.54.7.154) by TK5-EXGWY-E802.partners.extranet.microsoft.com (10.251.56.168) with Microsoft SMTP Server (TLS) id 8.2.176.0; Sat, 15 Oct 2011 22:12:33 -0700
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.142]) by TK5EX14HUBC102.redmond.corp.microsoft.com ([157.54.7.154]) with mapi id 14.01.0339.002; Sat, 15 Oct 2011 22:12:33 -0700
From: Mike Jones <Michael.Jones@microsoft.com>
To: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions
Thread-Index: AcyKh/E84FL2MRLXQ1OcfkfuKXpuHgAUZreAAA6h74D//5wXAIAAcimw///XqhD//pNi4A==
Date: Sun, 16 Oct 2011 05:12:32 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739435C23EA6A@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739435C23C5A6@TK5EX14MBXC284.redmond.corp.microsoft.com><7A22B287-CC99-4FD7-84DF-8FF5DA871FC6@gmx.net><4E1F6AAD24975D4BA5B16804296739435C23CAFE@TK5EX14MBXC284.redmond.corp.microsoft.com><89BE3D9D-AB1D-44B2-BA7D-0C0D74BCA885@gmx.net> <4E1F6AAD24975D4BA5B16804296739435C23CC9D@TK5EX14MBXC284.redmond.corp.microsoft.com> <999913AB42CC9341B05A99BBF358718DAABC44@FIESEXC035.nsn-intra.net>
In-Reply-To: <999913AB42CC9341B05A99BBF358718DAABC44@FIESEXC035.nsn-intra.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.34]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Oct 2011 05:12:34 -0000
In your note yesterday summarizing our proposed issue resolutions, you wrote "The scope field is yet another item that will not be shown to the user and it serves the purpose of an identifier for authorization comparison. So, we don't need to have any internationalization support here either." I'm therefore confused by your note below, Hannes, as it seems to me to contradict both your statement above. In particular, there's no need for Unicode encodings when internationalization isn't required. ASCII characters are fine for representing machine-readable scope elements that will never be displayed to users. That's the approach I'm taking in draft 10. (And indeed, EVERY draft of the bearer token spec has specified only ASCII characters, so this is nothing new...) -- Mike -----Original Message----- From: Tschofenig, Hannes (NSN - FI/Espoo) [mailto:hannes.tschofenig@nsn.com] Sent: Saturday, October 15, 2011 5:16 AM To: Mike Jones; Hannes Tschofenig Cc: OAuth WG Subject: RE: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions Hi Mike, this is not specific enough. A string could be defined as " A string is a sequence of zero or more Unicode characters [UNICODE]. " (as in RFC 4627), or as " 8-bit binary data without a NUL (hex 00) termination " (as in RADIUS, RFC 2865). In any case, we have to consider the constraints from the usage of "application/x-www-form-urlencoded". In our specific case this means that we have to get from the scope string to an octet sequence, which is allowed by application/x-www-form-urlencoded. Julian had pointed to this issue already (see mail from October 7th). If you want any string (with the exception of SP, which is the delimiter) then you have to choose an encoding that is able to represent Unicode in ASCII. There are a few choices and according to Julian the following options exist: a) RFC 5987 b) URI encoding to UTF-8 encoding (which is essentially like RFC 5987 but to omit the language part of the triple) c) JSON (with the problem that the "\" notation in the quoted-string) If you want to go along this route then I would suggest to go for (a) and to include a couple of examples (see Section 3.2.2 of RFC 5987 for examples). This is clearly better than inventing a new mechanism ourselves. The language tag is optional and RFC 5987 only requires parser support for UTF-8 and ISO-8859-1. Ciao Hannes -----Original Message----- From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of ext Mike Jones Sent: Friday, October 14, 2011 10:40 PM To: Hannes Tschofenig Cc: OAuth WG Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions Any strings that the Authorization Server chooses to define meanings for -----Original Message----- From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net] Sent: Friday, October 14, 2011 12:28 PM To: Mike Jones Cc: Hannes Tschofenig; OAuth WG Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions Hi Mike, what values do we want to support? We know that from the base specification we want a list of space-delimited, case sensitive strings. We don't want support for internationalized character-sets. Ciao Hannes On Oct 14, 2011, at 9:32 PM, Mike Jones wrote: > The core spec says "The strings are defined by the authorization server" (see http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.3). I don't see a reason to change that - especially this late in the game. I am not introducing any standardized or reserved values. > > My intent is not require or even suggest that scope values should be URIs. My intent is to not preclude them from being so. > > -- Mike > > -----Original Message----- > From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net] > Sent: Friday, October 14, 2011 11:27 AM > To: Mike Jones > Cc: Hannes Tschofenig; OAuth WG > Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions > > Hi Mike, > > On Oct 14, 2011, at 6:42 PM, Mike Jones wrote: > >> 2. Scope - I was planning to allow a broader set of ASCII characters than the "token" set, as these characters are inadequate for the use of URIs/URLs as scope elements. In particular, scope elements need to permit the full sets of "reserved" and "unreserved" characters in RFC 3986. The draft I am working on will say that scope is a space separated set of elements, where the elements consist of one or more characters from the union of the "reserved" and "unreserved" sets. > > Wouldn't it be more useful to say that you either want some plaintext values for the scope or URLs but not both? > > Also, if you want to introduce "standardized" (or reserved values) then you have to > a) specify them now (with no ability to change them), or > b) prefix them. > > Ciao > Hannes > > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Is… Hannes Tschofenig
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Mike Jones
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Julian Reschke
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Eran Hammer-Lahav
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Julian Reschke
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Mike Jones
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… William Mills
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Mike Jones
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Julian Reschke
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Eran Hammer-Lahav
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Hannes Tschofenig
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Mike Jones
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Hannes Tschofenig
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Mike Jones
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Hannes Tschofenig
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Mike Jones
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… John Bradley
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Julian Reschke
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Mike Jones
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Julian Reschke
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Mike Jones
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Julian Reschke
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Eran Hammer-Lahav
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… John Bradley
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Richer, Justin P.
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Julian Reschke
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… John Bradley
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Eran Hammer-Lahav
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… William Mills
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Hannes Tschofenig
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Eran Hammer-Lahav
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… John Bradley
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… William Mills
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Mike Jones
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Phil Hunt
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Julian Reschke
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Eran Hammer-Lahav
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Julian Reschke
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… William Mills
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Marius Scurtescu
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Mike Jones
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Marius Scurtescu
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Eran Hammer-Lahav
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Julian Reschke
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… William Mills
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Marius Scurtescu
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… William Mills
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Julian Reschke
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Mike Jones
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Eran Hammer
- Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Ope… Eran Hammer