Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt

Marius Scurtescu <mscurtescu@google.com> Wed, 26 January 2011 00:59 UTC

On Thu, Jan 20, 2011 at 9:41 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
> Forgot to mention that I don't have any outstanding comments in my queue so if your feedback was not incorporated into -12, and you feel strongly about it, bring it up again.

From an older email, adapted to v12:


1. The token_type parameter is required in responses from the server.
If the server supports multiple formats, which one will be used? In
this case, would it make sense to allow the client to request a
specific format?

For example, if the authorization server supports both MAC and BEARER,
which one will the server issue?


2. Section 8.2. What about applications using legacy parameters? It does
not make much sense to register them, and they cannot be changed to
x_. Broken record: using a prefix for all registered parameters is
much cleaner (as opposed to requiring that all non-registered
parameters use a prefix).

For Google it is impossible to comply with this requirement.


Marius