Re: [OAUTH-WG] What to do about 'realm'
Robert Sayre <sayrer@gmail.com> Sun, 11 July 2010 07:11 UTC
Return-Path: <sayrer@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D0E723A67CC for <oauth@core3.amsl.com>; Sun, 11 Jul 2010 00:11:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.599
X-Spam-Level:
X-Spam-Status: No, score=-4.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, GB_I_LETTER=-2]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NCfl3PmWkT+O for <oauth@core3.amsl.com>; Sun, 11 Jul 2010 00:11:40 -0700 (PDT)
Received: from mail-pw0-f44.google.com (mail-pw0-f44.google.com [209.85.160.44]) by core3.amsl.com (Postfix) with ESMTP id E2D913A67C3 for <oauth@ietf.org>; Sun, 11 Jul 2010 00:11:39 -0700 (PDT)
Received: by pwj1 with SMTP id 1so1705423pwj.31 for <oauth@ietf.org>; Sun, 11 Jul 2010 00:11:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=dx2SRhjEzHYwhCfy5QUn1o/z7gGrkT5e63tdAJNrMOk=; b=iTkgpzrfjANY3SlHslm4ASV/LALPgvXPQMJdYVU7UJqzUg5/QP/p2t6tZRX3o0oiVj m0r8Nhv62NwYEMPOpr9xzf57Qrwy7UvM05rqlrUJAGyOnbZX8SHXO7Vjv0+ZgFoTjPIq Qb5bLdXkp6zVp68zCGg/wQzkxwqAd5PW89Lwk=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=xrkA7ENU8PcWFWpOc2sWtUUxC51URkODeKshd6DUD7qriiYRIQJCqIjU8VSfPPa37I V+LmWDRjsB753Bmfqx3Hf4m5UG6ZsC36pO852gi+jMJNo4ARktSEOf098FaekDdv9BMZ FSWDUXTDOzFoF9L1ntSgK7EtxrFGqakaeflXk=
MIME-Version: 1.0
Received: by 10.142.171.7 with SMTP id t7mr14288463wfe.48.1278832303899; Sun, 11 Jul 2010 00:11:43 -0700 (PDT)
Received: by 10.142.84.8 with HTTP; Sun, 11 Jul 2010 00:11:43 -0700 (PDT)
In-Reply-To: <AANLkTikLogvJAhE9LF60MDyEiqvpDM8WD8tSUr4fZLjP@mail.gmail.com>
References: <90C41DD21FB7C64BB94121FBBC2E72343B3EC84ADE@P3PW5EX1MB01.EX1.SECURESERVER.NET> <AANLkTikLogvJAhE9LF60MDyEiqvpDM8WD8tSUr4fZLjP@mail.gmail.com>
Date: Sun, 11 Jul 2010 00:11:43 -0700
Message-ID: <AANLkTil-Q3CWO49NJ4CPjO_MvEdmk94OZb6hI8psjLOL@mail.gmail.com>
From: Robert Sayre <sayrer@gmail.com>
To: Brian Eaton <beaton@google.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] What to do about 'realm'
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Jul 2010 07:11:43 -0000
On Sat, Jul 10, 2010 at 11:55 PM, Brian Eaton <beaton@google.com> wrote: > > Let's use a format like this: > > WWW-Authenticate: OAuth2 base64(<json>) > > Or even just: > > WWW-Authenticate: OAuth2 > > Seriously. Looks good. Doesn't matter which the WG picks. > 1) dropping the name="value" syntax won't break the internet, because > widely deployed schemes have already done it. Fully agree. > 2) "realm" is not necessary in order to have a successful > authentication protocol. Indeed. So far, it looks like "realm" is necessary to have an unsuccessful authentication protocol. > > As far as I can tell, there is no good reason for RFC 2617 to specify > the syntax it does. RFC 2617 adopts constraints that predate widespread Unicode adoption. > It's convenient for digest auth, and kind of a > pain everywhere else. > It's not convenient for Digest, and Digest doesn't work anyway. -- Robert Sayre "I would have written a shorter letter, but I did not have the time."
- Re: [OAUTH-WG] What to do about 'realm' Eran Hammer-Lahav
- Re: [OAUTH-WG] What to do about 'realm' Dick Hardt
- [OAUTH-WG] What to do about 'realm' Eran Hammer-Lahav
- Re: [OAUTH-WG] What to do about 'realm' Lukas Rosenstock
- Re: [OAUTH-WG] What to do about 'realm' Pid
- Re: [OAUTH-WG] What to do about 'realm' William Mills
- Re: [OAUTH-WG] What to do about 'realm' Torsten Lodderstedt
- Re: [OAUTH-WG] What to do about 'realm' Yaron Goland
- Re: [OAUTH-WG] What to do about 'realm' Brian Eaton
- Re: [OAUTH-WG] What to do about 'realm' Robert Sayre
- Re: [OAUTH-WG] What to do about 'realm' Eran Hammer-Lahav
- Re: [OAUTH-WG] What to do about 'realm' Manger, James H
- Re: [OAUTH-WG] What to do about 'realm' Eve Maler
- Re: [OAUTH-WG] What to do about 'realm' Robert Sayre
- Re: [OAUTH-WG] What to do about 'realm' Eran Hammer-Lahav
- Re: [OAUTH-WG] What to do about 'realm' William Mills
- Re: [OAUTH-WG] What to do about 'realm' Yaron Goland
- Re: [OAUTH-WG] What to do about 'realm' Robert Sayre
- Re: [OAUTH-WG] What to do about 'realm' Yaron Goland
- Re: [OAUTH-WG] What to do about 'realm' Brian Eaton
- Re: [OAUTH-WG] What to do about 'realm' Eran Hammer-Lahav