Re: [OAUTH-WG] Open Issues: Group Survey (respond by 5/13)
DeWitt Clinton <dewitt@unto.net> Mon, 10 May 2010 04:46 UTC
Return-Path: <dewitt@unto.net>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A5D3F3A6AD7 for <oauth@core3.amsl.com>; Sun, 9 May 2010 21:46:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.376
X-Spam-Level:
X-Spam-Status: No, score=-3.376 tagged_above=-999 required=5 tests=[BAYES_50=0.001, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hRv3Vw3s2VS2 for <oauth@core3.amsl.com>; Sun, 9 May 2010 21:46:14 -0700 (PDT)
Received: from exprod7og116.obsmtp.com (exprod7og116.obsmtp.com [64.18.2.219]) by core3.amsl.com (Postfix) with SMTP id A9BAA3A6A5C for <oauth@ietf.org>; Sun, 9 May 2010 21:46:13 -0700 (PDT)
Received: from source ([209.85.161.53]) by exprod7ob116.postini.com ([64.18.6.12]) with SMTP ID DSNKS+ePiWB1hHQdos7TsNa3WGln86TtHoZg@postini.com; Sun, 09 May 2010 21:46:03 PDT
Received: by fxm1 with SMTP id 1so2016932fxm.12 for <oauth@ietf.org>; Sun, 09 May 2010 21:46:01 -0700 (PDT)
Received: by 10.239.131.11 with SMTP id 11mr245342hbl.107.1273466761140; Sun, 09 May 2010 21:46:01 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.239.162.68 with HTTP; Sun, 9 May 2010 21:45:41 -0700 (PDT)
In-Reply-To: <1F6D82E6-7544-4845-916F-7361165ADA4B@gmail.com>
References: <90C41DD21FB7C64BB94121FBBC2E72343B3AB46E1C@P3PW5EX1MB01.EX1.SECURESERVER.NET> <1F6D82E6-7544-4845-916F-7361165ADA4B@gmail.com>
From: DeWitt Clinton <dewitt@unto.net>
Date: Sun, 09 May 2010 21:45:41 -0700
Message-ID: <q2s77facc501005092145j119c05b8g72cc99924c7219@mail.gmail.com>
To: Dick Hardt <dick.hardt@gmail.com>
Content-Type: multipart/alternative; boundary="001485f7d49cee5911048636152c"
Cc: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Open Issues: Group Survey (respond by 5/13)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 May 2010 04:46:15 -0000
Response inline. On Sun, May 9, 2010 at 5:17 PM, Dick Hardt <dick.hardt@gmail.com> wrote: > > On 2010-05-09, at 2:06 PM, Eran Hammer-Lahav wrote: > > > DEADLINE: 5/13 > > > > I would like to publish one more draft before our interim meeting in two > weeks (5/20). Below are two open issues we have on the list. Please reply > with your preference (or additional solutions) to each item. Issues with > consensus will be incorporated into the next draft. Those without will be > discussed at the meeting. > > > > EHL > > > > --- > > > > 1. Server Response Format > > > > After extensive debate, we have a large group in favor of using JSON as > the only response format (current draft). We also have a smaller group but > with stronger feelings on the subject that JSON adds complexity with no > obvious value. > > > > A. Form-encoded only (original draft) > > B. JSON only (current draft) > > C. JSON as default with form-encoded and XML available with an optional > request parameter > > I vote for B > > I would argue that form-encoded data adds complexity with no obvious value. > > *If* a JSON parser is not available, parsing the JSON that is returned is > not that much different from parsing form-encoded data (remember that we are > only using a very small subset of JSON) > I strongly disagree here. The subset of JSON returned is "all valid JSON", pure and simple. Indeed, this was exactly what I was concerned about before. The server is *no* obligation to return something that can be parsed more easily than full JSON. If we don't make that crystal clear, then I worry about no end to unsafe encoding and escaping issues down the road. If the decision is to go with either option B or C, please do it only via language that says that clients and servers both MUST be RFC 4627 compliant. I.e., a full JSON parser, or no JSON at all. -DeWitt > More and more sites are returning both JSON and XML. Eventually everyone > will see the light wrt. JSON ;-) > > > > > --- > > > > 2. Client Authentication (in flows) > > > > How should the client authenticate when making token requests? The > current draft defines special request parameters for sending client > credentials. Some have argued that this is not the correct way, and that the > client should be using existing HTTP authentication schemes to accomplish > that such as Basic. > > > > A. Client authenticates by sending its credentials using special > parameters (current draft) > > B. Client authenticated by using HTTP Basic (or other schemes supported > by the server such as Digest) > > C. support both flows in the spec. An AS can decide what it wants to > support. I would like to retain A as it may be challenging for some clients > to use HTTP Basic, and easier for an AS to be always parsing parameters for > each flow. I can see the advantages for some in using HTTP Basic. > > -- Dick > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… DeWitt Clinton
- [OAUTH-WG] Open Issues: Group Survey (respond by … Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… David Recordon
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Dick Hardt
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Manger, James H
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… David Waite
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Joseph Smarr
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Pid
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Mark Mcgloin
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Richer, Justin P.
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Dick Hardt
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Mike Moore
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Torsten Lodderstedt
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Pid
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Joseph Smarr
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Joseph Smarr
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Yaron Goland
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Robert Sayre
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Torsten Lodderstedt
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Pid
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Yutaka OIWA
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Yutaka OIWA
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Vivek Khurana
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Torsten Lodderstedt
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Marius Scurtescu
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Yaron Goland
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Yaron Goland
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Yaron Goland
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Robert Sayre
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Robert Sayre
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Greg Brail
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Torsten Lodderstedt
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Kris Selden
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Yaron Goland
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Marius Scurtescu
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Manger, James H
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Evan Gilbert
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Marius Scurtescu
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Manger, James H