[OAUTH-WG] formal definition of client_id?
Brian Campbell <bcampbell@pingidentity.com> Tue, 24 May 2011 17:31 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id E8340E0796 for <oauth@ietfa.amsl.com>;
Tue, 24 May 2011 10:31:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.96
X-Spam-Level:
X-Spam-Status: No, score=-5.96 tagged_above=-999 required=5 tests=[AWL=0.017,
BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iv3HtOJf3jmL for
<oauth@ietfa.amsl.com>; Tue, 24 May 2011 10:31:47 -0700 (PDT)
Received: from na3sys009aog117.obsmtp.com (na3sys009aog117.obsmtp.com
[74.125.149.242]) by ietfa.amsl.com (Postfix) with ESMTP id 27C3AE0795 for
<oauth@ietf.org>; Tue, 24 May 2011 10:31:47 -0700 (PDT)
Received: from mail-qy0-f177.google.com ([209.85.216.177]) (using TLSv1) by
na3sys009aob117.postini.com ([74.125.148.12]) with SMTP ID
DSNKTdvrgfPZadWmf6/cUAANq5HJITLE086O@postini.com;
Tue, 24 May 2011 10:31:47 PDT
Received: by mail-qy0-f177.google.com with SMTP id 38so4556550qyl.15 for
<oauth@ietf.org>; Tue, 24 May 2011 10:31:45 -0700 (PDT)
Received: by 10.224.137.133 with SMTP id w5mr3122253qat.178.1306258305352;
Tue, 24 May 2011 10:31:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.224.74.66 with HTTP; Tue, 24 May 2011 10:31:15 -0700 (PDT)
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 24 May 2011 11:31:15 -0600
Message-ID: <BANLkTim-jna6L6bB2c6FiLDCyU0X5C_e4A@mail.gmail.com>
To: oauth <oauth@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1
Subject: [OAUTH-WG] formal definition of client_id?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>,
<mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>,
<mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 May 2011 17:31:48 -0000
I noticed yesterday, in -16, that the first time that client_id is
mentioned is in a parenthetical in the second paragraph of section 3.1
which is a little awkward. The client_id parameter then shows up
inside two examples before being listed as a required parameter in
section 4.1.1, 4.1.3, 4.2.1 and others with a reference back to a
description in section 3.
client_id
REQUIRED. The client identifier as described in Section 3.
This feels a little circular to me, however, because section 3 never
really formally defines what client_id is.
Also, based on conversations on this list, I think I understand the
intent about how client_id should be handled for unauthenticated
clients (a value for client_id is always required for the
endpoints/grants listed in the core spec while client_secret, basic
auth or other means of authentication is optional) but I'm not sure
that is fully communicated in the text of -16.
- [OAUTH-WG] formal definition of client_id? Brian Campbell
- Re: [OAUTH-WG] formal definition of client_id? Peter Saint-Andre