Re: [OAUTH-WG] Mandatory-to-implement token type

Blaine Cook <romeda@gmail.com> Sun, 04 December 2011 23:34 UTC

To: Mike Jones <Michael.Jones@microsoft.com>
Cc: Barry Leiba <barryleiba@computer.org>, oauth WG <oauth@ietf.org>

On 4 December 2011 02:26, Mike Jones <Michael.Jones@microsoft.com> wrote:
> I strongly object to a mandatory-to-implement clause for the MAC scheme.  They are unnecessary and market forces have shown that implementers do not want or need this kind of an authentication scheme.

I'd say that Twitter, Flickr, Dropbox and dozens of other sites that
have shipped OAuth 1.0a (MAC) in production and for billions of
requests per day is a pretty strong market force.

People (especially politically incentivised standards wonks) arguing
on a mailing list isn't a strong market force, and there are far fewer
successful APIs that use Bearer tokens. Which isn't to say that they
won't, just to say that what you want and what's used in the wild are
very different things. Or, citation needed.

b.