Re: [OAUTH-WG] OAuth Parameter Registration Template
Eran Hammer <eran@hueniverse.com> Sun, 24 June 2012 13:34 UTC
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D87B421F8697 for <oauth@ietfa.amsl.com>; Sun, 24 Jun 2012 06:34:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.577
X-Spam-Level:
X-Spam-Status: No, score=-2.577 tagged_above=-999 required=5 tests=[AWL=0.022, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xziu54hiw-iB for <oauth@ietfa.amsl.com>; Sun, 24 Jun 2012 06:34:59 -0700 (PDT)
Received: from p3plex2out01.prod.phx3.secureserver.net (p3plex2out01.prod.phx3.secureserver.net [184.168.131.12]) by ietfa.amsl.com (Postfix) with ESMTP id 1328E21F867D for <oauth@ietf.org>; Sun, 24 Jun 2012 06:34:59 -0700 (PDT)
Received: from P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) by p3plex2out01.prod.phx3.secureserver.net with bizsmtp id SDay1j0040EuLVk01DayWN; Sun, 24 Jun 2012 06:34:58 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.66]) by P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) with mapi id 14.02.0247.003; Sun, 24 Jun 2012 06:34:58 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, OAuth WG <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] OAuth Parameter Registration Template
Thread-Index: AQHNUgvE5MIjNXPlmk2UuemCkhv0oJcJd39A
Date: Sun, 24 Jun 2012 13:34:58 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA20107EC1F@P3PWEX2MB008.ex2.secureserver.net>
References: <4F1F7754-CF91-4C07-A4B6-20AB94C2E2B2@gmx.net>
In-Reply-To: <4F1F7754-CF91-4C07-A4B6-20AB94C2E2B2@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [37.46.44.161]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] OAuth Parameter Registration Template
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jun 2012 13:35:00 -0000
It is pretty obvious these refer to the two well defined endpoints in section 3. I will add a reference next to the locations to make this even clearer. There is no such endpoint as client authentication as a location. OAuth core clearly defines three endpoints for which two are extensible via regisration. Anything else is out of scope. No other changes are needed or appropriate. EH > -----Original Message----- > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf > Of Hannes Tschofenig > Sent: Sunday, June 24, 2012 6:18 AM > To: OAuth WG > Subject: [OAUTH-WG] OAuth Parameter Registration Template > > Hi all, > > working on the proposed text for the OAuth assertions draft I noticed an > interesting aspect in the core specification regarding Section 11.2.1, which > defines the registration template for OAuth parameters. > > The template lists all possible usage locations of parameters, namely > authorization request, authorization response, token request, or token > response. > > Here is the first issue: these locations are not defined anywhere in the > document and so one can only guess to what part of the protocol exchange > they belong. > > I agree that it may not be very difficult to guess but obviously it is not > completely obvious. It would have been nice if there is actually a match with > Figure 1, for example. > > http://tools.ietf.org/html/draft-ietf-oauth-assertions-03, for example, uses a > location that is not in the above list, namely 'client authentication'. > > Client authentication can also happen in the interaction between the client > and the resource server but the exchanges are not part of the allowed list of > usage locations. > > Ciao > Hannes > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] OAuth Parameter Registration Template Hannes Tschofenig
- Re: [OAUTH-WG] OAuth Parameter Registration Templ… Eran Hammer
- Re: [OAUTH-WG] OAuth Parameter Registration Templ… Brian Campbell
- Re: [OAUTH-WG] OAuth Parameter Registration Templ… Hannes Tschofenig