Re: [OAUTH-WG] Issue 15, new client registration

Eran Hammer-Lahav <eran@hueniverse.com> Mon, 25 July 2011 16:17 UTC

Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A241B21F8ACC for <oauth@ietfa.amsl.com>; Mon, 25 Jul 2011 09:17:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.554
X-Spam-Level:
X-Spam-Status: No, score=-2.554 tagged_above=-999 required=5 tests=[AWL=0.045, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PdeXuMCf1XcQ for <oauth@ietfa.amsl.com>; Mon, 25 Jul 2011 09:17:38 -0700 (PDT)
Received: from p3plex1out02.prod.phx3.secureserver.net (p3plex1out02.prod.phx3.secureserver.net [72.167.180.18]) by ietfa.amsl.com (Postfix) with SMTP id 90CCA21F8F79 for <oauth@ietf.org>; Mon, 25 Jul 2011 08:55:48 -0700 (PDT)
Received: (qmail 9297 invoked from network); 25 Jul 2011 15:55:48 -0000
Received: from unknown (HELO smtp.ex1.secureserver.net) (72.167.180.21) by p3plex1out02.prod.phx3.secureserver.net with SMTP; 25 Jul 2011 15:55:48 -0000
Received: from P3PW5EX1MB01.EX1.SECURESERVER.NET ([10.6.135.19]) by P3PW5EX1HT003.EX1.SECURESERVER.NET ([72.167.180.21]) with mapi; Mon, 25 Jul 2011 08:55:34 -0700
From: Eran Hammer-Lahav <eran@hueniverse.com>
To: Justin Richer <jricher@mitre.org>
Date: Mon, 25 Jul 2011 08:54:58 -0700
Thread-Topic: [OAUTH-WG] Issue 15, new client registration
Thread-Index: AcxK4u2G3jj5m2F6Q3OCAuUWP6hLPwAADgGA
Message-ID: <90C41DD21FB7C64BB94121FBBC2E723450245F5757@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <4E2740E9.5000209@lodderstedt.net> <4E274191.6020207@lodderstedt.net> <90C41DD21FB7C64BB94121FBBC2E72345021F377AA@P3PW5EX1MB01.EX1.SECURESERVER.NET> <90C41DD21FB7C64BB94121FBBC2E72345021F378B9@P3PW5EX1MB01.EX1.SECURESERVER.NET> <1311604831.24841.11.camel@ground>
In-Reply-To: <1311604831.24841.11.camel@ground>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Issue 15, new client registration
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jul 2011 16:17:38 -0000

I'll switch to confidential/public.

EHL

> -----Original Message-----
> From: Justin Richer [mailto:jricher@mitre.org]
> Sent: Monday, July 25, 2011 7:41 AM
> To: Eran Hammer-Lahav
> Cc: eran@sled.com; Torsten Lodderstedt; OAuth WG
> Subject: Re: [OAUTH-WG] Issue 15, new client registration
> 
> I would avoid using the term "open" here as it has other deep-seated
> meanings in the software world, particularly with regard to Open Source and
> Open Standard stuff. FWIW, I think "confidential/public" or "private/public"
> are serviceable.
> 
>  -- Justin
> 
> On Mon, 2011-07-25 at 02:45 -0400, Eran Hammer-Lahav wrote:
> > How about confidential/open?
> >
> > EHL
> >
> > > -----Original Message-----
> > > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
> > > Behalf Of Eran Hammer-Lahav
> > > Sent: Friday, July 22, 2011 2:12 PM
> > > To: Torsten Lodderstedt; OAuth WG
> > > Subject: Re: [OAUTH-WG] Issue 15, new client registration
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
> > > > Behalf Of Torsten Lodderstedt
> > > > Sent: Wednesday, July 20, 2011 1:59 PM
> > > > To: OAuth WG
> > > > Subject: Re: [OAUTH-WG] Issue 15, new client registration
> > > >
> > > > 2.1 Client types
> > > >
> > > > I'm struggeling with the new terminology of "private" and "public"
> > > > clients. In my perception, the text just distinguishes clients
> > > > which can be authenticated and such which cannot. This is fine but
> > > > I consider the wording misleading. I would suggest to change it to
> > > > something like trusted/untrusted or authenticated/unauthenticated
> > > > or
> > > Verifiable/Forgeable.
> > >
> > > I'm open to changing the names.
> > >
> > > I don't like trusted/untrusted because OAuth does not define trust.
> > > The authenticated/unauthenticated pair is also not ideal because the
> > > terms describe the outcome, not the nature of the client. As for
> > > verifiable/forgeable, I think these terms are too complicated for a
> > > casual reader.
> > >
> > > My intention with public/private is to identify the nature of the
> > > client credentials. So a more verbose version would be 'public
> > > credentials/private credentials'. This also works with 'code' instead of
> 'credentials'.
> > >
> > > It's clear from the past year of discussions that we need
> > > terminology to describe these two types.
> > >
> > > Any other suggestions?
> > >
> > > EHL
> > > _______________________________________________
> > > OAuth mailing list
> > > OAuth@ietf.org
> > > https://www.ietf.org/mailman/listinfo/oauth
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
>