Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

Lukas Rosenstock <lr@lukasrosenstock.net> Thu, 24 June 2010 07:49 UTC

Date: Thu, 24 Jun 2010 09:49:05 +0200
From: Lukas Rosenstock <lr@lukasrosenstock.net>
To: Dick Hardt <dick.hardt@gmail.com>
Cc: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>, OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

Wasn't there some consensus that URIs would be good for scope? They
have "in-built namespacing" ...

Lukas

2010/6/23 Dick Hardt <dick.hardt@gmail.com>:
>
> On 2010-06-22, at 11:07 PM, Tschofenig, Hannes (NSN - FI/Espoo) wrote:
>
>> "
>>   scope
>>         OPTIONAL.  The scope of the access request expressed as a list
>>         of space-delimited strings.  The value of the "scope" parameter
>>         is defined by the authorization server.  If the value contains
>>         multiple space-delimited strings, their order does not matter,
>>         and each string adds an additional access range to the
>>         requested scope.
>> "
>>
>> Do folks think it would be useful to have standardized values?
>
> Not at this time. The semantics of scope are all over the place. If standardized, people will feel they need to pick one that is close to what they want, but is not exactly what they mean. I think it is better for the AS to define what they mean by a scope and give it a name that makes sense in that context.
>
>>
>> If the answer is "yes", then it would be useful to differentiate the
>> standardized values from those values that are purely defined locally by
>> the authorization server.
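
Added example, not part of the original message or of the OAuth draft: one way an authorization server could treat the "scope" parameter as an unordered set of space-delimited strings and tell URI-form (namespaced) values from locally defined names. The function names, hosts and scope strings are hypothetical.

```python
from urllib.parse import urlsplit


def parse_scope(value):
    """Split a 'scope' parameter into a set of strings.

    A set is used because the quoted draft text says order does not
    matter and each string adds an access range; duplicates collapse.
    """
    return frozenset(tok for tok in value.split(" ") if tok)


def is_uri_scope(token):
    """True when the scope string is an absolute URI with an authority
    part, so its namespace belongs to whoever controls that host."""
    parts = urlsplit(token)
    return bool(parts.scheme) and bool(parts.netloc)


def split_by_namespace(scopes):
    """Separate URI-form scope strings from bare, locally defined names."""
    uri = {s for s in scopes if is_uri_scope(s)}
    return uri, set(scopes) - uri


def authorize(requested_value, allowed):
    """Return (granted, refused): only strings the server defines are granted."""
    requested = parse_scope(requested_value)
    return requested & allowed, requested - allowed


# Constructed sample values (assumption: this server defines these three).
ALLOWED = frozenset({
    "https://as.example.com/scope/photos.read",
    "https://as.example.com/scope/photos.write",
    "profile",
})

if __name__ == "__main__":
    a = "profile https://as.example.com/scope/photos.read"
    b = "https://as.example.com/scope/photos.read  profile"
    print(parse_scope(a) == parse_scope(b))
    # Same path under another host is a different scope string.
    print(authorize(a + " https://other.example.net/scope/photos.read", ALLOWED))
```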