Return-Path: X-Original-To: oauth@core3.amsl.com Delivered-To: oauth@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 51B293A67FA for ; Mon, 28 Jun 2010 15:12:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.855 X-Spam-Level: X-Spam-Status: No, score=-9.855 tagged_above=-999 required=5 tests=[AWL=0.743, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FCS10eKLKXFQ for ; Mon, 28 Jun 2010 15:12:45 -0700 (PDT) Received: from smtp.microsoft.com (maila.microsoft.com [131.107.115.212]) by core3.amsl.com (Postfix) with ESMTP id AB4393A6892 for ; Mon, 28 Jun 2010 15:12:45 -0700 (PDT) Received: from TK5EX14MLTC102.redmond.corp.microsoft.com (157.54.79.180) by TK5-EXGWY-E801.partners.extranet.microsoft.com (10.251.56.50) with Microsoft SMTP Server (TLS) id 8.2.176.0; Mon, 28 Jun 2010 15:12:57 -0700 Received: from TK5EX14MBXC117.redmond.corp.microsoft.com ([169.254.8.23]) by TK5EX14MLTC102.redmond.corp.microsoft.com ([157.54.79.180]) with mapi id 14.01.0160.007; Mon, 28 Jun 2010 15:12:55 -0700 From: Yaron Goland To: Torsten Lodderstedt , Dick Hardt Thread-Topic: [OAUTH-WG] What to do about 'realm' Thread-Index: AcsWZA3VaAGfBKT6Rq+fJ1qCaXCqogAWqIAAABozBAAABh2zIA== Date: Mon, 28 Jun 2010 22:12:52 +0000 Message-ID: <7C01E631FF4B654FA1E783F1C0265F8C579D103B@TK5EX14MBXC117.redmond.corp.microsoft.com> References: <90C41DD21FB7C64BB94121FBBC2E72343B3EC84ADE@P3PW5EX1MB01.EX1.SECURESERVER.NET> <269A7D01-CB98-46F3-9D17-C0AAA31041E4@gmail.com> <4C28E4F2.6060605@lodderstedt.net> In-Reply-To: <4C28E4F2.6060605@lodderstedt.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: multipart/alternative; boundary="_000_7C01E631FF4B654FA1E783F1C0265F8C579D103BTK5EX14MBXC117r_" MIME-Version: 1.0 Cc: "OAuth WG \(oauth@ietf.org\)" Subject: Re: [OAUTH-WG] What to do about 'realm' X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jun 2010 22:12:51 -0000 --_000_7C01E631FF4B654FA1E783F1C0265F8C579D103BTK5EX14MBXC117r_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable +1 (for #3->#4) From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of T= orsten Lodderstedt Sent: Monday, June 28, 2010 11:08 AM To: Dick Hardt Cc: OAuth WG (oauth@ietf.org) Subject: Re: [OAUTH-WG] What to do about 'realm' +1 Am 28.06.2010 07:37, schrieb Dick Hardt: I vote for (3) unless a good (4) is suggested. On 2010-06-27, at 6:51 PM, Eran Hammer-Lahav wrote: Over the past year many people expressed concerns about the use of the 'rea= lm' WWW-Authenticate header parameter. The parameter is defined in RFC 2617= as required, and is allowed to have scheme-specific structure. We have a few options: 1. Leave it as required under the definition of RFC 2617 (i.e. provide no h= elp, developers will need to ready 2617 and figure out what to do with it). 2. Update 2617 to remove the requirement - this is not going to be easy or = possible to predict success. 3. Provide specific guidance as to what to do with the realm parameter. 4. Something else. Comments? EHL _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth --_000_7C01E631FF4B654FA1E783F1C0265F8C579D103BTK5EX14MBXC117r_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

+1 (for #3->#4)

 <= /p>

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf= .org] On Behalf Of Torsten Lodderstedt
Sent: Monday, June 28, 2010 11:08 AM
To: Dick Hardt
Cc: OAuth WG (oauth@ietf.org)
Subject: Re: [OAUTH-WG] What to do about 'realm'

 

+1

Am 28.06.2010 07:37, schrieb Dick Hardt:

I vote for (3) unless a good (4) is suggested. =

 

On 2010-06-27, at 6:51 PM, Eran Hammer-Lahav wrote:<= o:p>



Over the past year many people expresse= d concerns about the use of the ‘realm’ WWW-Authenticate header= parameter. The parameter is defined in RFC 2617 as required, and is allowed to have scheme-specific structure.

 

We have a few options:

 

1. Leave it as required under the defin= ition of RFC 2617 (i.e. provide no help, developers will need to ready 2617= and figure out what to do with it).

2. Update 2617 to remove the requiremen= t – this is not going to be easy or possible to predict success.=

3. Provide specific guidance as to what= to do with the realm parameter.

4. Something else.

 

Comments?

 

EHL

_____________________________________= __________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.or= g/mailman/listinfo/oauth

 

 
 
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ie=
tf.org/mailman/listinfo/oauth
 
--_000_7C01E631FF4B654FA1E783F1C0265F8C579D103BTK5EX14MBXC117r_--