Re: [OAUTH-WG] draft-ietf-oauth-v2-22

Eran Hammer-Lahav <eran@hueniverse.com> Wed, 19 October 2011 03:38 UTC

From: Eran Hammer-Lahav <eran@hueniverse.com>
To: qijun83 <qijun83@gmail.com>
Date: Tue, 18 Oct 2011 20:38:25 -0700
Cc: OAuth WG <oauth@ietf.org>

Sending to the right place.

On Oct 18, 2011, at 20:36, "qijun83" <qijun83@gmail.com> wrote:

Dear Sir,

It's really a great pleasure for me to write to you to ask some questions about oauth-v2-22, as follows.

In section 2.3 (Client Authentication), it is recommended to use the HTTP Basic authentication scheme
like "Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW", which includes the "user_id" and
"password" as defined in [RFC2617] <http://tools.ietf.org/html/rfc2617>, instead of using the "client_id" and "client_secret" parameters in
the HTTP request body.
I want to know:
(1) whether "user_id" equals "client_id", and "password" equals "client_secret";
(2) and whether it is allowed to use both the HTTP Basic authentication scheme and the client
credentials in the request body at the same time.

Looking forward to hearing from you.

Yours sincerely,
Qijun Zhang