Re: [OAUTH-WG] Open Issues: Group Survey (respond by 5/13)

Dick Hardt <dick.hardt@gmail.com> Mon, 10 May 2010 14:57 UTC

On 2010-05-10, at 1:11 AM, Pid wrote:

> On 10/05/2010 07:57, Joseph Smarr wrote:
>>> 1. Server Response Format
>> 
>> I vote for B, though I could live with C. (A would make me sad though)
>> 
>> We've had a healthy and reasonable debate about the trade-offs here, but
>> I think the main counterargument for requiring JSON support is that it's
>> not quite yet a "no-brainer" to have JSON support in all environments
>> (e.g. iPhone libraries currently would need to statically link in an
>> available JSON library), whereas the counterarguments for A are the
>> well-documented problems properly decoding url-encoded params from OAuth
>> 1.0, plus the fact that it's not a common response format, whereas JSON
>> (and XML) are. Since I think JSON will continue to increase in use for
>> at least the next several years, the pain associated with requiring JSON
>> is likely to be higher now than it will be in the future, and it's
>> already low enough that we've had this debate about whether it's already
>> acceptable or not-quite-yet. And JSON has been proven to "just work" in
>> terms of avoiding encoding/decoding headaches in the wild, which for
>> something like OAuth is really critical.
> 
> I don't believe this is an accurate summary.

Are you saying the information is not accurate or not a complete summary?

> 
> I asked for someone in the pro-JSON camp to describe the technical
> merits of that format over url encoded, but to date, there's no one who
> has responded.

per http://www.ietf.org/mail-archive/web/oauth/current/msg01992.html

client libraries exist to parse JSON responses
client libraries do NOT exist to parse url encoded responses

Implementations of both OAuth 1.0 and WRAP improperly decoded the responses.

> 
> The options we've been offered seem contrived to support JSON,

Would you elaborate on why you think the options presented by the editor were contrived?
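
An added example, not part of the original message or of any OAuth library: a Python comparison of one way a form-encoded token response can be decoded incorrectly, next to the standard-library decoder and a JSON round trip. The thread does not say which decoding bugs occurred in OAuth 1.0 and WRAP implementations; the token value and the hand-rolled `decode_form_naive` helper are constructed for illustration.

```python
import json
from urllib.parse import parse_qsl, unquote, urlencode

# Constructed token response; the value deliberately contains characters
# that are significant in application/x-www-form-urlencoded bodies.
RESPONSE = {"access_token": "kz+9/Ab c=&x", "expires_in": "3600"}


def decode_form_naive(body):
    """Hand-rolled decoder (hypothetical): percent-decodes, but forgets '+' means space."""
    out = {}
    for pair in body.split("&"):
        name, _, value = pair.partition("=")
        out[unquote(name)] = unquote(value)
    return out


def decode_form_correct(body):
    """Standard-library decoder: handles both %XX escapes and '+' as space."""
    return dict(parse_qsl(body, keep_blank_values=True, strict_parsing=True))


def changed_fields(original, decoded):
    """Names of fields whose value did not survive the round trip."""
    return sorted(k for k in original if decoded.get(k) != original[k])


def compare():
    """Encode RESPONSE both ways and report which fields each decoder corrupts."""
    form_body = urlencode(RESPONSE)
    json_body = json.dumps(RESPONSE)
    return {
        "form_body": form_body,
        "naive": changed_fields(RESPONSE, decode_form_naive(form_body)),
        "correct": changed_fields(RESPONSE, decode_form_correct(form_body)),
        "json": changed_fields(RESPONSE, json.loads(json_body)),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(key, value)
```

A corrupted token of this kind fails silently at the client and only surfaces later as a rejected request, which is why a round-trip check like `changed_fields` is worth running against any hand-written decoder.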