Re: [OAUTH-WG] Mandatory-to-implement token type

Leif Johansson <leifj@mnt.se> Sun, 11 December 2011 11:28 UTC

Return-Path: <leifj@mnt.se>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7528A21F86A5 for <oauth@ietfa.amsl.com>; Sun, 11 Dec 2011 03:28:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.295
X-Spam-Level:
X-Spam-Status: No, score=-0.295 tagged_above=-999 required=5 tests=[AWL=0.001, BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_ILLEGAL_IP=1.908, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BKUExglgEFQb for <oauth@ietfa.amsl.com>; Sun, 11 Dec 2011 03:28:54 -0800 (PST)
Received: from mail-lpp01m010-f44.google.com (mail-lpp01m010-f44.google.com [209.85.215.44]) by ietfa.amsl.com (Postfix) with ESMTP id 9CA4221F84C1 for <oauth@ietf.org>; Sun, 11 Dec 2011 03:28:53 -0800 (PST)
Received: by laah2 with SMTP id h2so963770laa.31 for <oauth@ietf.org>; Sun, 11 Dec 2011 03:28:52 -0800 (PST)
Received: by 10.152.109.105 with SMTP id hr9mr6010640lab.24.1323602932599; Sun, 11 Dec 2011 03:28:52 -0800 (PST)
Received: from [172.20.10.8] (2.67.73.229.mobile.tre.se. [2.67.73.229]) by mx.google.com with ESMTPS id fq5sm4025010lab.2.2011.12.11.03.28.50 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 11 Dec 2011 03:28:51 -0800 (PST)
References: <CALaySJJ+2au5rxEQmSSpXO42KmgCu=NhiLPBCx-3AH0hud=5CQ@mail.gmail.com> <CAH-8B6sjim_tcBkTPFWc1SnjhtHDQTR7sVT+aOjnYv7cs8JssA@mail.gmail.com> <4ED82D62.3070800@cs.tcd.ie> <CALaySJLKYLpPWc14_GUJKc5j1E3QovKQOx9HsdR-n2YV7kstpQ@mail.gmail.com> <4ED89384.9060603@cs.tcd.ie> <CAC4RtVBQdV+dwhzK903nkeNhsKzrHNFPYMK+EZtxRXnHWGs68w@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739435F7576DF@TK5EX14MBXC283.redmond.corp.microsoft.com> <CAAz=sc=NMv-8Z4QDVCFAbcCoGtC0Zc84Sg+HCMEDOMOyiUsD3w@mail.gmail.com>
In-Reply-To: <CAAz=sc=NMv-8Z4QDVCFAbcCoGtC0Zc84Sg+HCMEDOMOyiUsD3w@mail.gmail.com>
Mime-Version: 1.0 (iPad Mail 8L1)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="us-ascii"
Message-Id: <C351DB69-72F0-49FF-84CB-015B48F26C23@mnt.se>
X-Mailer: iPad Mail (8L1)
From: Leif Johansson <leifj@mnt.se>
Date: Sun, 11 Dec 2011 12:30:38 +0100
To: Blaine Cook <romeda@gmail.com>
Cc: Barry Leiba <barryleiba@computer.org>, oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mandatory-to-implement token type
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Dec 2011 11:28:54 -0000

5 dec 2011 kl. 00:34 skrev Blaine Cook <romeda@gmail.com>:

> On 4 December 2011 02:26, Mike Jones <Michael.Jones@microsoft.com> wrote:
>> I strongly object to a mandatory-to-implement clause for the MAC scheme.  They are unnecessary and market forces have shown that implementers do not want or need this kind of an authentication scheme.
> 
> I'd say that Twitter, Flickr, Dropbox and dozens of other sites that
> have shipped OAuth 1.0a (MAC) in production and for billions of
> requests per day is a pretty strong market force.
> 
> People (especially politically incentivised standards wonks) arguing
> on a mailing list isn't a strong market force, and there are far fewer
> successful APIs that use Bearer tokens. Which isn't to say that they
> won't, just to say that what you want and what's used in the wild are
> very different things. Or, citation needed.
> 
> 

Oauth 1.0a mac and 2.0 mac are not the same thing. Yours is an argument for backwards compat I think.