Re: [OAUTH-WG] user-agent flow needs a rewrite

Blaine Cook <romeda@gmail.com> Tue, 13 July 2010 18:54 UTC

I don't claim to fully grok what the current state of the various
proposals is regarding the user agent flow, but fundamentally,
shouldn't we be aiming to replicate what Twitter and Facebook are
already doing?

We've already moved towards JSON as a standard format; why not go all
the way and mandate either JSONP or CORS support, and explicitly build
around a JavaScript-centric model (since that's really what we're
talking about, and that's what is deployed today)?

b.