IETF Logo Mail Archive

Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

Peter Saint-Andre <stpeter@stpeter.im> Tue, 20 April 2010 11:58 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A16633A6889 for <oauth@core3.amsl.com>; Tue, 20 Apr 2010 04:58:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.351
X-Spam-Level:
X-Spam-Status: No, score=-2.351 tagged_above=-999 required=5 tests=[AWL=0.248, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11Y4H97j6VtA for <oauth@core3.amsl.com>; Tue, 20 Apr 2010 04:58:29 -0700 (PDT)
Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com (Postfix) with ESMTP id 760A53A67FE for <oauth@ietf.org>; Tue, 20 Apr 2010 04:58:29 -0700 (PDT)
Received: from squire.local (dsl-240-138.dynamic-dsl.frii.net [216.17.240.138]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id A697940E15; Tue, 20 Apr 2010 05:58:19 -0600 (MDT)
Message-ID: <4BCD96DA.8050208@stpeter.im>
Date: Tue, 20 Apr 2010 05:58:18 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: Marius Scurtescu <mscurtescu@google.com>
References: <14411661-A227-4DCA-86B3-A9C5FB8055D7@gmail.com> <4BCD31BF.5090701@stpeter.im> <CB3B4494-2A0B-4CEC-9BE4-0EF06FA6AB94@gmail.com> <m2w74caaad21004192201k4eb9af84q20cb10f7a44d9edd@mail.gmail.com>
In-Reply-To: <m2w74caaad21004192201k4eb9af84q20cb10f7a44d9edd@mail.gmail.com>
X-Enigmail-Version: 1.0.1
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms050403060906020101000706"
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Issue: prefixing parameters with oauth_
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Apr 2010 11:58:30 -0000

On 4/19/10 11:01 PM, Marius Scurtescu wrote:
> On Mon, Apr 19, 2010 at 9:50 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
>>
>> On 2010-04-19, at 9:46 PM, Peter Saint-Andre wrote:
>>
>>> On 4/18/10 6:46 PM, Dick Hardt wrote:
>>>
>>>> Given the practice that the authorization endpoint and the redirect_uri
>>>> can contain URI query parameters, then differentiating between
>>>> application specific query parameters and OAuth protocol parameters by
>>>> prefixing the OAuth parameters with oauth_ would seem a useful way to
>>>> minimize conflicts.
>>>
>>> Can't application developers avoid conflicts by giving their parameters
>>> names other than those already used in OAuth?
>>
>> If changing the parameters is available to them. They may be trying to shimmy OAuth into an existing system.
> 
> Even if the developer can chose a parameter that is not used  by OAuth
> right now, he/she has no guarantee that this parameter name will not
> be introduced by a future version of the spec.

True.

>> I don't know how common the issue is, just pointing out why the prefix was there in the past.
> 
> Yes, chances for a collision are very small, but still, well worth
> using the prefix IMO.

Sure, I see your point.

I have no deep objections to prefixing, and it does seem as if it would
make collisions less likely (although not impossible).

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

v2.23.0 | Report a Bug | By Email