IETF Logo Mail Archive

Re: [OAUTH-WG] Extensibility for OAuth?

Eran Hammer-Lahav <eran@hueniverse.com> Fri, 25 June 2010 18:35 UTC

Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 611AB28C15B for <oauth@core3.amsl.com>; Fri, 25 Jun 2010 11:35:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.242
X-Spam-Level:
X-Spam-Status: No, score=-2.242 tagged_above=-999 required=5 tests=[AWL=0.357, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KCFp5kb28QrO for <oauth@core3.amsl.com>; Fri, 25 Jun 2010 11:35:17 -0700 (PDT)
Received: from p3plex1out02.prod.phx3.secureserver.net (p3plex1out02.prod.phx3.secureserver.net [72.167.180.18]) by core3.amsl.com (Postfix) with SMTP id 6EAD828C0EE for <oauth@ietf.org>; Fri, 25 Jun 2010 11:34:46 -0700 (PDT)
Received: (qmail 3009 invoked from network); 25 Jun 2010 18:34:55 -0000
Received: from unknown (HELO smtp.ex1.secureserver.net) (72.167.180.20) by p3plex1out02.prod.phx3.secureserver.net with SMTP; 25 Jun 2010 18:34:55 -0000
Received: from P3PW5EX1MB01.EX1.SECURESERVER.NET ([10.6.135.20]) by P3PW5EX1HT002.EX1.SECURESERVER.NET ([72.167.180.20]) with mapi; Fri, 25 Jun 2010 11:34:55 -0700
From: Eran Hammer-Lahav <eran@hueniverse.com>
To: Dick Hardt <dick.hardt@gmail.com>
Date: Fri, 25 Jun 2010 11:34:37 -0700
Thread-Topic: [OAUTH-WG] Extensibility for OAuth?
Thread-Index: AcsUk1dNoQKeI1kORCCNowtk/cXMuQAAVH/g
Message-ID: <90C41DD21FB7C64BB94121FBBC2E72343B3EC849AA@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <3D3C75174CB95F42AD6BCC56E5555B4502BE07CC@FIESEXC015.nsn-intra.net> <90C41DD21FB7C64BB94121FBBC2E72343B3EC84973@P3PW5EX1MB01.EX1.SECURESERVER.NET> <B6B3E8C3-6B3B-4428-94E4-1D22A93424E6@gmail.com> <90C41DD21FB7C64BB94121FBBC2E72343B3EC84999@P3PW5EX1MB01.EX1.SECURESERVER.NET> <345F0F5E-9401-4B76-98DF-FB7AF53ED0E2@gmail.com>
In-Reply-To: <345F0F5E-9401-4B76-98DF-FB7AF53ED0E2@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: OAuth, "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>, WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Extensibility for OAuth?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Jun 2010 18:35:49 -0000

The language parameter will need a new spec (doesn't have to be an RFC, but that's open to debate), and will register the parameter in the IANA registry for that endpoint. In order to register, the request will be posted to a public list and a designated expert(s) will review it in a timely manner. If there is consensus, the request will be approved. By seeking consensus for the registration, the community will get to decide if the proposal does not change the meaning of the endpoint.

So:

1. write a new spec
2. request new parameter registration
3. discuss the use case and proposal on a public list (special for this)
4. get designated expert review
5. get IANA to register

The whole thing can be as fast as 2-3 weeks.

EHL

> -----Original Message-----
> From: Dick Hardt [mailto:dick.hardt@gmail.com]
> Sent: Friday, June 25, 2010 11:22 AM
> To: Eran Hammer-Lahav
> Cc: Tschofenig, Hannes (NSN - FI/Espoo); OAuth WG
> Subject: Re: [OAUTH-WG] Extensibility for OAuth?
> 
> Agree that if it is a different kind of function, than a new end point is a good
> thing.
> 
> I'm not understanding the review process below in your example. Would
> adding language parameters not be an extension? Would that need to be a
> change to the spec or a new spec?
> .
> On 2010-06-25, at 11:18 AM, Eran Hammer-Lahav wrote:
> 
> > I think the two endpoints are currently well defined. For example, the
> token endpoint always takes an access grant and turns it into an access token
> with optional refresh token. To "extend" it to say, register new clients
> dynamically, is a bad thing. But adding a new parameter (such as language) is
> a good thing to support, and by requiring review, only parameters that don't
> change the overall design will be approved.
> >
> > EHL
> >
> >> -----Original Message-----
> >> From: Dick Hardt [mailto:dick.hardt@gmail.com]
> >> Sent: Friday, June 25, 2010 11:13 AM
> >> To: Eran Hammer-Lahav
> >> Cc: Tschofenig, Hannes (NSN - FI/Espoo); OAuth WG
> >> Subject: Re: [OAUTH-WG] Extensibility for OAuth?
> >>
> >> Would you elaborate on your reasons here? Do you think we have
> >> enumerated all the possibilities?
> >>
> >> On 2010-06-25, at 10:59 AM, Eran Hammer-Lahav wrote:
> >>
> >>> I would rather limit the ability to extend the two endpoints beyond
> >>> their
> >> current architecture, and instead, allow others to specify new endpoints
> (e.g.
> >> a device endpoint for getting an authorization code without using
> >> browser
> >> redirection) that work in addition to the token endpoint (using an
> >> existing grant type or assertion).
> >

v2.40.4 | Report a Bug | By Email | System Status