Re: [OAUTH-WG] Scope - Coming to a Consensus
Allen Tom <atom@yahoo-inc.com> Fri, 30 April 2010 19:11 UTC
Return-Path: <atom@yahoo-inc.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2DAB628C26C for <oauth@core3.amsl.com>; Fri, 30 Apr 2010 12:11:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.825
X-Spam-Level:
X-Spam-Status: No, score=-14.825 tagged_above=-999 required=5 tests=[AWL=-0.160, BAYES_50=0.001, IP_NOT_FRIENDLY=0.334, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mFwQaHH9R82X for <oauth@core3.amsl.com>; Fri, 30 Apr 2010 12:11:14 -0700 (PDT)
Received: from mrout2-b.corp.re1.yahoo.com (mrout2-b.corp.re1.yahoo.com [69.147.107.21]) by core3.amsl.com (Postfix) with ESMTP id 4244C3A6AA3 for <oauth@ietf.org>; Fri, 30 Apr 2010 12:10:31 -0700 (PDT)
Received: from SNV-EXPF01.ds.corp.yahoo.com (snv-expf01.ds.corp.yahoo.com [207.126.227.250]) by mrout2-b.corp.re1.yahoo.com (8.13.8/8.13.8/y.out) with ESMTP id o3UJ9SGI017298; Fri, 30 Apr 2010 12:09:30 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; s=serpent; d=yahoo-inc.com; c=nofws; q=dns; h=received:user-agent:date:subject:from:to:message-id: thread-topic:thread-index:in-reply-to:mime-version:content-type: content-transfer-encoding:x-originalarrivaltime; b=YPCaXjNvCTC8w+jShQ/2YhaNuhXMYgNYbIq6621ktQJrBpZmS36RZ5Q05BDmqqlL
Received: from SNV-EXVS03.ds.corp.yahoo.com ([207.126.227.235]) by SNV-EXPF01.ds.corp.yahoo.com with Microsoft SMTPSVC(6.0.3790.4675); Fri, 30 Apr 2010 12:09:28 -0700
Received: from 10.72.169.31 ([10.72.169.31]) by SNV-EXVS03.ds.corp.yahoo.com ([207.126.227.239]) via Exchange Front-End Server snv-webmail.corp.yahoo.com ([207.126.227.60]) with Microsoft Exchange Server HTTP-DAV ; Fri, 30 Apr 2010 19:08:50 +0000
User-Agent: Microsoft-Entourage/12.24.0.100205
Date: Fri, 30 Apr 2010 12:08:48 -0700
From: Allen Tom <atom@yahoo-inc.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>, "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Message-ID: <C80078D0.2D681%atom@yahoo-inc.com>
Thread-Topic: [OAUTH-WG] Scope - Coming to a Consensus
Thread-Index: Acroe/D4ieCnKO2GTMiNS2rQ7lPsVgAHJ7pV
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E723439321772EF@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-OriginalArrivalTime: 30 Apr 2010 19:09:28.0144 (UTC) FILETIME=[A7CDDD00:01CAE898]
Subject: Re: [OAUTH-WG] Scope - Coming to a Consensus
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Apr 2010 19:11:15 -0000
I vote for #3 There are already plenty of implementations that use a scope parameter: Facebook: http://developers.facebook.com/docs/authentication/ Google: http://code.google.com/apis/accounts/docs/OAuth_ref.html#RequestToken Flickr: (called "perm") http://www.flickr.com/services/api/auth.spec.html Yahoo currently requires developers to tell us the scopes that they need when registering for a consumer key. We've received plenty of feedback that developers would rather specify the scope(s) at authorization time, so we would support a multi-valued scope parameter. Space is a reasonable delimiter. Allen On 4/30/10 8:43 AM, "Eran Hammer-Lahav" <eran@hueniverse.com> wrote: > > 3. Space-Delimited Scope Parameter Value > > Define a 'scope' parameter with value of space-delimited strings (which can > include any character that is not a space - the entire parameter value is > encoded per the transport rules regardless). Space allows using URIs or simple > strings as values. > > Pros: > > - A separator-delimited list of values is the common format for scope > parameters in existing implementations and represents actual deployment > experience. > - Most vendors define a set of opaque strings used for requesting scope. This > enables libraries to concatenate these in a standard way. > - Enables simple extensions in the future for discovering which scope is > required by each resource. > > Cons: > > - Defining a format without a discovery method for the values needs doesn't > offer much more than the other options. > - Doesn't go far enough to actually achieve interoperability. > - Adds complexity for little value. > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Scope - Coming to a Consensus Eran Hammer-Lahav
- Re: [OAUTH-WG] Scope - Coming to a Consensus Torsten Lodderstedt
- Re: [OAUTH-WG] Scope - Coming to a Consensus Allen Tom
- Re: [OAUTH-WG] Scope - Coming to a Consensus Joseph Smarr
- Re: [OAUTH-WG] Scope - Coming to a Consensus Pelle Braendgaard
- Re: [OAUTH-WG] Scope - Coming to a Consensus Justin Smith
- Re: [OAUTH-WG] Scope - Coming to a Consensus Marius Scurtescu
- Re: [OAUTH-WG] Scope - Coming to a Consensus Marius Scurtescu
- Re: [OAUTH-WG] Scope - Coming to a Consensus Torsten Lodderstedt
- Re: [OAUTH-WG] Scope - Coming to a Consensus Eve Maler
- Re: [OAUTH-WG] Scope - Coming to a Consensus Luke Shepard
- Re: [OAUTH-WG] Scope - Coming to a Consensus Dick Hardt
- Re: [OAUTH-WG] Scope - Coming to a Consensus Manger, James H
- Re: [OAUTH-WG] Permissions (Scope - Coming to a C… Manger, James H
- Re: [OAUTH-WG] Permissions (Scope - Coming to a C… Allen Tom
- Re: [OAUTH-WG] Scope - Coming to a Consensus Evan Gilbert
- Re: [OAUTH-WG] Scope - Coming to a Consensus Mark Mcgloin
- Re: [OAUTH-WG] Scope - Coming to a Consensus Eran Hammer-Lahav