Re: [OAUTH-WG] Open Issues: Group Survey (respond by 5/13)

David Recordon <recordond@gmail.com> Sun, 09 May 2010 23:14 UTC

To: Eran Hammer-Lahav <eran@hueniverse.com>
Cc: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>

On Sun, May 9, 2010 at 2:06 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
> DEADLINE: 5/13
>
> I would like to publish one more draft before our interim meeting in two weeks (5/20). Below are two open issues we have on the list. Please reply with your preference (or additional solutions) to each item. Issues with consensus will be incorporated into the next draft. Those without will be discussed at the meeting.
>
> EHL
>
> ---
>
> 1. Server Response Format
>
> After extensive debate, we have a large group in favor of using JSON as the only response format (current draft). We also have a smaller group but with stronger feelings on the subject that JSON adds complexity with no obvious value.
>
> A. Form-encoded only (original draft)
> B. JSON only (current draft)
> C. JSON as default with form-encoded and XML available with an optional request parameter

It doesn't seem to make a lot of sense to require a client have a JSON
parser if the API they're interacting with is XML. And conversely it
doesn't make a lot of sense to require a client have an XML parser if
the API they're interacting with is JSON. Given the expressed desire
for JSON, I think that option C makes the most sense. Default is JSON
but the client can ask for XML or form-encoded instead.


> ---
>
> 2. Client Authentication (in flows)
>
> How should the client authenticate when making token requests? The current draft defines special request parameters for sending client credentials. Some have argued that this is not the correct way, and that the client should be using existing HTTP authentication schemes to accomplish that such as Basic.
>
> A. Client authenticates by sending its credentials using special parameters (current draft)
> B. Client authenticated by using HTTP Basic (or other schemes supported by the server such as Digest)

I'd prefer that OAuth remain as self-contained as possible. Thus A.


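The two options in issue 2, seen from the token endpoint, as an added example that is not part of the original message or of any draft text: a server-side check that accepts client credentials either as request parameters (option A) or as HTTP Basic (option B), and refuses a request that carries both. The parameter names `client_id` and `client_secret` are the ones OAuth 2.0 uses but do not appear in this message; the client registry, the sample credentials and the reject-both policy are assumptions of the example.

```python
import base64
import hmac
from urllib.parse import parse_qs

# Constructed registry for the example: client_id -> client_secret.
CLIENTS = {"example-client": "example-secret"}


class ClientAuthError(Exception):
    pass


def credentials_from_request(headers, body):
    """Return (client_id, client_secret, method) from a token request."""
    form = parse_qs(body, keep_blank_values=True)
    in_body = "client_secret" in form
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    in_header = scheme.lower() == "basic"

    if in_body and in_header:
        # Two credential sources can disagree; refuse rather than pick one.
        raise ClientAuthError("multiple client authentication methods")
    if in_header:  # option B: HTTP Basic
        try:
            decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            raise ClientAuthError("malformed Basic credentials")
        client_id, sep, secret = decoded.partition(":")
        if not sep:
            raise ClientAuthError("malformed Basic credentials")
        return client_id, secret, "basic"
    if in_body:  # option A: credentials as request parameters
        ids, secrets = form.get("client_id", []), form["client_secret"]
        if len(ids) != 1 or len(secrets) != 1:
            raise ClientAuthError("duplicate or missing credential parameters")
        return ids[0], secrets[0], "params"
    raise ClientAuthError("no client credentials")


def authenticate_client(headers, body):
    """Return (client_id, method) or raise ClientAuthError."""
    client_id, secret, method = credentials_from_request(headers, body)
    expected = CLIENTS.get(client_id, "")
    # Constant-time comparison; unknown clients fail the same way.
    if not expected or not hmac.compare_digest(expected.encode(), secret.encode()):
        raise ClientAuthError("invalid client")
    return client_id, method
```

With option A the secret travels in the request body, so it is exposed to anything that logs or inspects form parameters; with option B it sits in the `Authorization` header, which many servers and proxies already treat as sensitive.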