Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

Justin Richer <jricher@mitre.org> Thu, 24 June 2010 14:02 UTC

From: Justin Richer <jricher@mitre.org>
To: Lukas Rosenstock <lr@lukasrosenstock.net>
Date: Thu, 24 Jun 2010 10:02:12 -0400
Cc: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>, OAuth WG <oauth@ietf.org>

I recall there being consensus on the space delimiter to make it so that
URIs could be used easily as scope parameters. I know that I,
personally, would rather have keywords in our implementation than URIs,
so I'm very much in favor of keeping it unspecified.

 -- justin

On Thu, 2010-06-24 at 03:49 -0400, Lukas Rosenstock wrote:
> Wasn't there some consensus that URIs would be good for scope? They
> have "in-built namespacing" ...
> 
> Lukas
> 
> 2010/6/23 Dick Hardt <dick.hardt@gmail.com>:
> >
> > On 2010-06-22, at 11:07 PM, Tschofenig, Hannes (NSN - FI/Espoo) wrote:
> >
> >> "
> >>   scope
> >>         OPTIONAL.  The scope of the access request expressed as a list
> >>         of space-delimited strings.  The value of the "scope" parameter
> >>         is defined by the authorization server.  If the value contains
> >>         multiple space-delimited strings, their order does not matter,
> >>         and each string adds an additional access range to the
> >>         requested scope.
> >> "
> >>
> >> Do folks think it would be useful to have standardized values?
> >
> > Not at this time. The semantics of scope are all over the place. If standardized, people will feel they need to pick one that is close to what they want, but is not exactly what they mean. I think it is better for the AS to define what they mean by a scope and give it a name that makes sense in that context.
> >
> >>
> >> If the answer is "yes", then it would be useful to differentiate the
> >> standardized values from those values that are purely defined locally by
> >> the authorization server.
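The draft text quoted in this thread, worked through as an added Python example (not code from the thread, the draft, or any participant's implementation): the `scope` value is split on spaces into an unordered set, so keyword scopes and URI scopes can be mixed, and a URI scope containing a comma survives intact because a literal space cannot appear inside a URI. The scope names, the `as.example` host, the function names, and the choice to reject a repeated `scope` parameter are assumptions made for illustration.

```python
from urllib.parse import parse_qs

# Constructed registry: scope values are defined by the authorization server,
# so this example server defines two keywords and one URI (with a comma in it).
SERVER_SCOPES = frozenset({
    "read",
    "write",
    "https://as.example/scopes/contacts,calendar",
})


def parse_scope(value):
    """Split a decoded scope value into an unordered set of scope strings."""
    # Split on the space character only; runs of spaces yield empty tokens,
    # which are dropped. A set is used because order does not matter.
    return frozenset(tok for tok in (value or "").split(" ") if tok)


def scope_from_query(query):
    """Extract the OPTIONAL scope parameter from a URL-encoded query string."""
    values = parse_qs(query).get("scope", [])
    if len(values) > 1:
        # Assumption of this example: a repeated parameter is ambiguous,
        # so it is rejected rather than merged.
        raise ValueError("scope parameter repeated")
    return parse_scope(values[0]) if values else frozenset()


def check_request(query):
    """Return (known, unknown) for the scopes requested in the query.

    known   -- requested scopes this server defines
    unknown -- requested scopes it does not define; the server decides
               whether to ignore them or refuse the request
    """
    requested = scope_from_query(query)
    return requested & SERVER_SCOPES, requested - SERVER_SCOPES


if __name__ == "__main__":
    # Constructed requests: same scopes, different order and space encoding.
    a = "client_id=abc&scope=read%20https%3A%2F%2Fas.example%2Fscopes%2Fcontacts%2Ccalendar"
    b = "scope=https%3A%2F%2Fas.example%2Fscopes%2Fcontacts%2Ccalendar+read"
    print(scope_from_query(a) == scope_from_query(b))
    print(check_request("scope=read+admin"))
```
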