IETF Logo Mail Archive

Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic Registration

Lewis Adam-CAL022 <Adam.Lewis@motorolasolutions.com> Thu, 23 May 2013 17:34 UTC

Return-Path: <Adam.Lewis@motorolasolutions.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F7B421F9349 for <oauth@ietfa.amsl.com>; Thu, 23 May 2013 10:34:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.261
X-Spam-Level: *
X-Spam-Status: No, score=1.261 tagged_above=-999 required=5 tests=[AWL=1.727, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, UNRESOLVED_TEMPLATE=3.132]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jgUXpgKWdNr5 for <oauth@ietfa.amsl.com>; Thu, 23 May 2013 10:34:42 -0700 (PDT)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe002.messaging.microsoft.com [216.32.180.12]) by ietfa.amsl.com (Postfix) with ESMTP id 1E0D721F8C4C for <oauth@ietf.org>; Thu, 23 May 2013 10:24:02 -0700 (PDT)
Received: from mail98-va3-R.bigfish.com (10.7.14.249) by VA3EHSOBE009.bigfish.com (10.7.40.29) with Microsoft SMTP Server id 14.1.225.23; Thu, 23 May 2013 17:24:02 +0000
Received: from mail98-va3 (localhost [127.0.0.1]) by mail98-va3-R.bigfish.com (Postfix) with ESMTP id 213813C03FF for <oauth@ietf.org>; Thu, 23 May 2013 17:24:02 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:129.188.136.17; KIP:(null); UIP:(null); IPV:NLI; H:il06msg01.mot-solutions.com; RD:none; EFVD:NLI
X-SpamScore: -29
X-BigFish: VPS-29(zzbb2dI98dI9371Ic85fh1e83M1418Izz1f42h1ee6h1de0h1fdah1202h1e76h1d1ah1d2ah1fc6hzz1033IL17326ah18c673h1c8fb4h8275bh8275dhz2fh2a8h683h839hd25hf0ah1288h12a5h12bdh137ah1441h1504h1537h153bh15d0h162dh1631h1758h18e1h1946h19b5h19ceh1ad9h1b0ah1bceh1d07h1d0ch1d2eh1d3fh1155h)
Received-SPF: pass (mail98-va3: domain of motorolasolutions.com designates 129.188.136.17 as permitted sender) client-ip=129.188.136.17; envelope-from=Adam.Lewis@motorolasolutions.com; helo=il06msg01.mot-solutions.com ; olutions.com ;
X-Forefront-Antispam-Report-Untrusted: CIP:157.56.237.133; KIP:(null); UIP:(null); (null); H:BY2PRD0411HT004.namprd04.prod.outlook.com; R:internal; EFV:INT
Received: from mail98-va3 (localhost.localdomain [127.0.0.1]) by mail98-va3 (MessageSwitch) id 1369329839396362_32221; Thu, 23 May 2013 17:23:59 +0000 (UTC)
Received: from VA3EHSMHS011.bigfish.com (unknown [10.7.14.247]) by mail98-va3.bigfish.com (Postfix) with ESMTP id 5940A2A006D for <oauth@ietf.org>; Thu, 23 May 2013 17:23:59 +0000 (UTC)
Received: from il06msg01.mot-solutions.com (129.188.136.17) by VA3EHSMHS011.bigfish.com (10.7.99.21) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 23 May 2013 17:23:58 +0000
Received: from il06msg01.mot-solutions.com (il06vts03.mot.com [129.188.137.143]) by il06msg01.mot-solutions.com (8.14.3/8.14.3) with ESMTP id r4NHNw4W024158 for <oauth@ietf.org>; Thu, 23 May 2013 12:23:58 -0500 (CDT)
Received: from am1outboundpool.messaging.microsoft.com (am1ehsobe002.messaging.microsoft.com [213.199.154.205]) by il06msg01.mot-solutions.com (8.14.3/8.14.3) with ESMTP id r4NHNnFh024138 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <oauth@ietf.org>; Thu, 23 May 2013 12:23:57 -0500 (CDT)
Received: from mail27-am1-R.bigfish.com (10.3.201.251) by AM1EHSOBE017.bigfish.com (10.3.207.139) with Microsoft SMTP Server id 14.1.225.23; Thu, 23 May 2013 17:23:55 +0000
Received: from mail27-am1 (localhost [127.0.0.1]) by mail27-am1-R.bigfish.com (Postfix) with ESMTP id 0F9933A0091 for <oauth@ietf.org.FOPE.CONNECTOR.OVERRIDE>; Thu, 23 May 2013 17:23:55 +0000 (UTC)
Received: from mail27-am1 (localhost.localdomain [127.0.0.1]) by mail27-am1 (MessageSwitch) id 1369329832711813_9905; Thu, 23 May 2013 17:23:52 +0000 (UTC)
Received: from AM1EHSMHS017.bigfish.com (unknown [10.3.201.242]) by mail27-am1.bigfish.com (Postfix) with ESMTP id A15FBC0049; Thu, 23 May 2013 17:23:52 +0000 (UTC)
Received: from BY2PRD0411HT004.namprd04.prod.outlook.com (157.56.237.133) by AM1EHSMHS017.bigfish.com (10.3.207.155) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 23 May 2013 17:23:49 +0000
Received: from BY2PRD0411MB441.namprd04.prod.outlook.com ([169.254.5.126]) by BY2PRD0411HT004.namprd04.prod.outlook.com ([10.255.128.39]) with mapi id 14.16.0311.000; Thu, 23 May 2013 17:23:36 +0000
From: Lewis Adam-CAL022 <Adam.Lewis@motorolasolutions.com>
To: Justin Richer <jricher@mitre.org>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Proposed Syntax Changes in Dynamic Registration
Thread-Index: AQHOVxkrjcYEhpOC80K9Xhe0WMZcj5kTBWFA
Date: Thu, 23 May 2013 17:23:35 +0000
Message-ID: <59E470B10C4630419ED717AC79FCF9A9659ADA34@BY2PRD0411MB441.namprd04.prod.outlook.com>
References: <MLQM-20130520122606192-37488@mlite.mitre.org> <519D0C4D.60002@mitre.org>
In-Reply-To: <519D0C4D.60002@mitre.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [150.130.155.32]
Content-Type: multipart/alternative; boundary="_000_59E470B10C4630419ED717AC79FCF9A9659ADA34BY2PRD0411MB441_"
MIME-Version: 1.0
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%1294$Dn%MITRE.ORG$RO%2$TLS%3$FQDN%msgate.mot-solutions.com$TlsDn%
X-FOPE-CONNECTOR: Id%1294$Dn%IETF.ORG$RO%2$TLS%3$FQDN%msgate.mot-solutions.com$TlsDn%
X-CFilter-Loop: Reflected
X-OriginatorOrg: motorolasolutions.com
Subject: Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic Registration
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 May 2013 17:34:59 -0000

For what it's worth, I am in favor of making the changes to (1) and (2) and leaving (3) unchanged.  (1) and (2) are definitely confusing to me, as I would normally have associated the issued and expiration times to the token.  (3) is obvious as it stands, and as other have mentioned, only clients authenticate to the endpoints, so adding client to the term doesn't add much value.

As mentioned, changing (1) and (2), it is not a difficult change, and anybody implementing to drafts will obviously understand that things change before getting RFC status.  Best to fix things now, that's what the last call is for after all.

-adam

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Justin Richer
Sent: Wednesday, May 22, 2013 1:20 PM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic Registration

Speaking as an implementor, I'm actually in favor of changing "expires_at" and "issued_at" to the values proposed below. It would require some minor code changes on my end, but the impact would be minimal, and I think that the new names are *much* more clear to new developers. I think it will save us a lot of questions and headaches going forward. I believe that changing it now will have minimal impact on any deployed and running code (there are no large-scale services that I am aware of), and it will make things clearer. So I vote for "B" for #1 and #2.

I believe "token_endpoint_auth_method" is sufficient as is, since the client is the only thing that authenticates to the token endpoint.


[[ Note: As an editor, I don't believe it's really in my power to make that change unless there's support in the working group for making it. I really want more feedback from people, with explanation if you can. ]]

 -- Justin

On 05/20/2013 11:09 AM, Justin Richer wrote:
Phil Hunt's review of the Dynamic Registration specification has raised a couple of issues that I felt were getting buried by the larger discussion (which I still strongly encourage others to jump in to). Namely, Phil has suggested a couple of syntax changes to the names of several parameters.


1) expires_at -> client_secret_expires_at
2) issued_at -> client_id_issued_at
3) token_endpoint_auth_method -> token_endpoint_client_auth_method


I'd like to get a feeling, especially from developers who have deployed this draft spec, what we ought to do for each of these:

 A) Keep the parameter names as-is
 B) Adopt the new names as above
 C) Adopt a new name that I will specify

In all cases, clarifying text will be added to the parameter *definitions* so that it's more clear to people reading the spec what each piece does. Speaking as the editor: "A" is the default as far as I'm concerned, since we shouldn't change syntax without very good reason to do so. That said, if it's going to be better for developers with the new parameter names, I am open to fixing them now.

Naming things is hard.

 -- Justin




_______________________________________________

OAuth mailing list

OAuth@ietf.org<mailto:OAuth@ietf.org>

https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email