IETF Logo Mail Archive

Re: [OAUTH-WG] Change grant_type="none" to something less confusing

Brian Campbell <bcampbell@pingidentity.com> Fri, 16 July 2010 19:23 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F08F23A6ADD for <oauth@core3.amsl.com>; Fri, 16 Jul 2010 12:23:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.749
X-Spam-Level:
X-Spam-Status: No, score=-5.749 tagged_above=-999 required=5 tests=[AWL=0.228, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Il5WaTuTutBn for <oauth@core3.amsl.com>; Fri, 16 Jul 2010 12:23:00 -0700 (PDT)
Received: from na3sys009aog113.obsmtp.com (na3sys009aog113.obsmtp.com [74.125.149.209]) by core3.amsl.com (Postfix) with SMTP id A45653A6991 for <oauth@ietf.org>; Fri, 16 Jul 2010 12:22:59 -0700 (PDT)
Received: from source ([209.85.161.41]) by na3sys009aob113.postini.com ([74.125.148.12]) with SMTP ID DSNKTECxnpjVPauoLqXIVOyhte72HUwse0bF@postini.com; Fri, 16 Jul 2010 12:23:12 PDT
Received: by fxm20 with SMTP id 20so1336199fxm.28 for <oauth@ietf.org>; Fri, 16 Jul 2010 12:23:10 -0700 (PDT)
Received: by 10.223.111.200 with SMTP id t8mr1060546fap.31.1279308190301; Fri, 16 Jul 2010 12:23:10 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.105.135 with HTTP; Fri, 16 Jul 2010 12:22:40 -0700 (PDT)
In-Reply-To: <AANLkTim_GpxKx2G6FQN9TGwMYxnRv4N7pOo7Yo3g2s6c@mail.gmail.com>
References: <1279297826.11628.61.camel@localhost.localdomain> <AANLkTinRE0My8GRTVrBM9cwyCWgrpeYQzul3YBp_Z-8A@mail.gmail.com> <AANLkTim_GpxKx2G6FQN9TGwMYxnRv4N7pOo7Yo3g2s6c@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 16 Jul 2010 13:22:40 -0600
Message-ID: <AANLkTinDwGDYq4IYA9BKJakdEMnR8FbruTqR4i_zS88p@mail.gmail.com>
To: Brian Eaton <beaton@google.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Change grant_type="none" to something less confusing
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jul 2010 19:23:01 -0000

+1 for something different but not "client password" as sounds like it
would preclude other methods of client authentication

On Fri, Jul 16, 2010 at 10:41 AM, Brian Eaton <beaton@google.com> wrote:
> +1.
>
> How about calling it "client password", or something along those
> lines...?  That's what Dick called it for WRAP.
>
> http://tools.ietf.org/html/draft-hardt-oauth-01#page-13
>
> Cheers,
> Brian
>
> On Fri, Jul 16, 2010 at 9:39 AM, Marius Scurtescu <mscurtescu@google.com> wrote:
>> I agree that grant_type=none is confusing. "client" or "direct" sound better.
>>
>> Marius
>>
>>
>>
>> On Fri, Jul 16, 2010 at 9:30 AM, Justin Richer <jricher@mitre.org> wrote:
>>> The choice of the value "none" for the grant_type parameter in the
>>> client-credentials case is confusing. I understand the philosophy behind
>>> this choice, but I think that calling it "none" here gives the wrong
>>> impression. It almost sounds like it's a deny-request on first glance,
>>> or even a revoke request of some type. Furthermore, I'd say that there
>>> really is an access grant being made here, but it's implicit, and given
>>> to the client directly and not to an end user.
>>>
>>> I propose we change this key to "client", "implicit", "direct", or
>>> something other than "none" to avoid this kind of confusion. Along with
>>> this, I would also like the paragraph in 4.1 describing the usage of
>>> this grant type to be pulled into its own (admittedly short) subsection.
>>> In this way, someone looking to implement this style of auth will have
>>> somewhere concrete to look, bringing this method on par with others in
>>> section 4.1.
>>>
>>>  -- Justin
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

v2.34.0 | Report a Bug | By Email | System Status