Re: [OAUTH-WG] Mandatory-to-implement token type
Blaine Cook <romeda@gmail.com> Sun, 04 December 2011 23:34 UTC
Return-Path: <romeda@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65C3A21F89BA for <oauth@ietfa.amsl.com>; Sun, 4 Dec 2011 15:34:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kSM4EumW8TDq for <oauth@ietfa.amsl.com>; Sun, 4 Dec 2011 15:34:38 -0800 (PST)
Received: from mail-gx0-f172.google.com (mail-gx0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id D213F21F8888 for <oauth@ietf.org>; Sun, 4 Dec 2011 15:34:37 -0800 (PST)
Received: by ggnk5 with SMTP id k5so994612ggn.31 for <oauth@ietf.org>; Sun, 04 Dec 2011 15:34:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=7rjGSNTu46Zhw0TKp3fUeHDrpHshNSCVWuYr0V1zoNY=; b=aYvEIVYdKN67nkMs/O27GzScQCoZBWp5jrjfjY1gWcu9plaDtKDeD1O6+5FxrVFbdg /uJlMcemssWBMNp2fyWpFi/YHbQrqnHKUGvGGkj+VzZvnfZ0aPLF7i/niSISQcAwNxc3 UJPmYKqVmS4fwcn0ySJ6hL1joF3OPI5NI4Rtk=
Received: by 10.182.149.33 with SMTP id tx1mr1282959obb.62.1323041677258; Sun, 04 Dec 2011 15:34:37 -0800 (PST)
MIME-Version: 1.0
Received: by 10.182.114.68 with HTTP; Sun, 4 Dec 2011 15:34:16 -0800 (PST)
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739435F7576DF@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <CALaySJJ+2au5rxEQmSSpXO42KmgCu=NhiLPBCx-3AH0hud=5CQ@mail.gmail.com> <CAH-8B6sjim_tcBkTPFWc1SnjhtHDQTR7sVT+aOjnYv7cs8JssA@mail.gmail.com> <4ED82D62.3070800@cs.tcd.ie> <CALaySJLKYLpPWc14_GUJKc5j1E3QovKQOx9HsdR-n2YV7kstpQ@mail.gmail.com> <4ED89384.9060603@cs.tcd.ie> <CAC4RtVBQdV+dwhzK903nkeNhsKzrHNFPYMK+EZtxRXnHWGs68w@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739435F7576DF@TK5EX14MBXC283.redmond.corp.microsoft.com>
From: Blaine Cook <romeda@gmail.com>
Date: Sun, 04 Dec 2011 23:34:16 +0000
Message-ID: <CAAz=sc=NMv-8Z4QDVCFAbcCoGtC0Zc84Sg+HCMEDOMOyiUsD3w@mail.gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: Barry Leiba <barryleiba@computer.org>, oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mandatory-to-implement token type
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Dec 2011 23:34:38 -0000
On 4 December 2011 02:26, Mike Jones <Michael.Jones@microsoft.com> wrote: > I strongly object to a mandatory-to-implement clause for the MAC scheme. They are unnecessary and market forces have shown that implementers do not want or need this kind of an authentication scheme. I'd say that Twitter, Flickr, Dropbox and dozens of other sites that have shipped OAuth 1.0a (MAC) in production and for billions of requests per day is a pretty strong market force. People (especially politically incentivised standards wonks) arguing on a mailing list isn't a strong market force, and there are far fewer successful APIs that use Bearer tokens. Which isn't to say that they won't, just to say that what you want and what's used in the wild are very different things. Or, citation needed. b.
- [OAUTH-WG] Mandatory-to-implement token type Barry Leiba
- Re: [OAUTH-WG] Mandatory-to-implement token type Justin Richer
- Re: [OAUTH-WG] Mandatory-to-implement token type Michael Thomas
- Re: [OAUTH-WG] Mandatory-to-implement token type Eran Hammer-Lahav
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type William Mills
- Re: [OAUTH-WG] Mandatory-to-implement token type Phil Hunt
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Michael Thomas
- Re: [OAUTH-WG] Mandatory-to-implement token type Michael D Adams
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type William Mills
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Michael D Adams
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Michael Thomas
- Re: [OAUTH-WG] Mandatory-to-implement token type Michael D Adams
- Re: [OAUTH-WG] Mandatory-to-implement token type Barry Leiba
- Re: [OAUTH-WG] Mandatory-to-implement token type William Mills
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Bart Wiegmans
- Re: [OAUTH-WG] Mandatory-to-implement token type Blaine Cook
- [OAUTH-WG] Fwd: Re: Mandatory-to-implement token … Justin Richer
- Re: [OAUTH-WG] Fwd: Re: Mandatory-to-implement to… André DeMarre
- Re: [OAUTH-WG] Fwd: Re: Mandatory-to-implement to… Richer, Justin P.
- Re: [OAUTH-WG] Fwd: Re: Mandatory-to-implement to… André DeMarre
- Re: [OAUTH-WG] Fwd: Re: Mandatory-to-implement to… Dan Taflin
- Re: [OAUTH-WG] Mandatory-to-implement token type Barry Leiba
- Re: [OAUTH-WG] Mandatory-to-implement token type Mike Jones
- Re: [OAUTH-WG] Mandatory-to-implement token type John Bradley
- Re: [OAUTH-WG] Mandatory-to-implement token type Anthony Nadalin
- Re: [OAUTH-WG] Mandatory-to-implement token type Paul Madsen
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Mike Jones
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Eran Hammer-Lahav
- Re: [OAUTH-WG] Mandatory-to-implement token type Eran Hammer-Lahav
- Re: [OAUTH-WG] Mandatory-to-implement token type Blaine Cook
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Justin Richer
- Re: [OAUTH-WG] Mandatory-to-implement token type Marius Scurtescu
- Re: [OAUTH-WG] Mandatory-to-implement token type Leif Johansson
- Re: [OAUTH-WG] Mandatory-to-implement token type Leif Johansson
- Re: [OAUTH-WG] Mandatory-to-implement token type William Mills
- Re: [OAUTH-WG] Mandatory-to-implement token type Blaine Cook
- Re: [OAUTH-WG] Mandatory-to-implement token type Leif Johansson
- Re: [OAUTH-WG] Mandatory-to-implement token type Barry Leiba
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell