IETF Logo Mail Archive

Re: [OAUTH-WG] Change grant_type="none" to something less confusing

Brian Eaton <beaton@google.com> Fri, 16 July 2010 16:41 UTC

Return-Path: <beaton@google.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C622F3A6A6A for <oauth@core3.amsl.com>; Fri, 16 Jul 2010 09:41:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.808
X-Spam-Level:
X-Spam-Status: No, score=-105.808 tagged_above=-999 required=5 tests=[AWL=0.169, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r7G2X-3HT93L for <oauth@core3.amsl.com>; Fri, 16 Jul 2010 09:41:43 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by core3.amsl.com (Postfix) with ESMTP id B2D3F3A6A7C for <oauth@ietf.org>; Fri, 16 Jul 2010 09:41:43 -0700 (PDT)
Received: from wpaz33.hot.corp.google.com (wpaz33.hot.corp.google.com [172.24.198.97]) by smtp-out.google.com with ESMTP id o6GGftGq011525 for <oauth@ietf.org>; Fri, 16 Jul 2010 09:41:55 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1279298515; bh=DRZRptjZ8y8YDtCKTiJ6n1cIbyI=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type:Content-Transfer-Encoding; b=C670JyUaLnnsEiEEXLLMYiqrvv4G51bjQa6zfd8NSnSp2riy4cxnkSWRDLNlDQ+TK ufjuw/ZQYekM42jqP/lag==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:in-reply-to:references:date:message-id:subject:from:to: cc:content-type:content-transfer-encoding:x-system-of-record; b=iugkkrRrs8eNTIrG0qxMohBnoe4vVrhuRGJtWtVACQVRMwIFHbtUpiewKYNFePR9B rgLn9tgjHiaeW+55y/AJg==
Received: from pvh11 (pvh11.prod.google.com [10.241.210.203]) by wpaz33.hot.corp.google.com with ESMTP id o6GGfrmB011033 for <oauth@ietf.org>; Fri, 16 Jul 2010 09:41:54 -0700
Received: by pvh11 with SMTP id 11so1054699pvh.38 for <oauth@ietf.org>; Fri, 16 Jul 2010 09:41:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.142.216.21 with SMTP id o21mr1735306wfg.282.1279298513213; Fri, 16 Jul 2010 09:41:53 -0700 (PDT)
Received: by 10.142.193.19 with HTTP; Fri, 16 Jul 2010 09:41:53 -0700 (PDT)
In-Reply-To: <AANLkTinRE0My8GRTVrBM9cwyCWgrpeYQzul3YBp_Z-8A@mail.gmail.com>
References: <1279297826.11628.61.camel@localhost.localdomain> <AANLkTinRE0My8GRTVrBM9cwyCWgrpeYQzul3YBp_Z-8A@mail.gmail.com>
Date: Fri, 16 Jul 2010 09:41:53 -0700
Message-ID: <AANLkTim_GpxKx2G6FQN9TGwMYxnRv4N7pOo7Yo3g2s6c@mail.gmail.com>
From: Brian Eaton <beaton@google.com>
To: Marius Scurtescu <mscurtescu@google.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-System-Of-Record: true
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Change grant_type="none" to something less confusing
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jul 2010 16:41:44 -0000

+1.

How about calling it "client password", or something along those
lines...?  That's what Dick called it for WRAP.

http://tools.ietf.org/html/draft-hardt-oauth-01#page-13

Cheers,
Brian

On Fri, Jul 16, 2010 at 9:39 AM, Marius Scurtescu <mscurtescu@google.com> wrote:
> I agree that grant_type=none is confusing. "client" or "direct" sound better.
>
> Marius
>
>
>
> On Fri, Jul 16, 2010 at 9:30 AM, Justin Richer <jricher@mitre.org> wrote:
>> The choice of the value "none" for the grant_type parameter in the
>> client-credentials case is confusing. I understand the philosophy behind
>> this choice, but I think that calling it "none" here gives the wrong
>> impression. It almost sounds like it's a deny-request on first glance,
>> or even a revoke request of some type. Furthermore, I'd say that there
>> really is an access grant being made here, but it's implicit, and given
>> to the client directly and not to an end user.
>>
>> I propose we change this key to "client", "implicit", "direct", or
>> something other than "none" to avoid this kind of confusion. Along with
>> this, I would also like the paragraph in 4.1 describing the usage of
>> this grant type to be pulled into its own (admittedly short) subsection.
>> In this way, someone looking to implement this style of auth will have
>> somewhere concrete to look, bringing this method on par with others in
>> section 4.1.
>>
>>  -- Justin
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

v2.35.0 | Report a Bug | By Email | System Status