Re: [OAUTH-WG] Scope - Coming to a Consensus

Dick Hardt <dick.hardt@gmail.com> Sun, 02 May 2010 01:06 UTC

Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 078DE3A68C5 for <oauth@core3.amsl.com>; Sat, 1 May 2010 18:06:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.467
X-Spam-Level:
X-Spam-Status: No, score=-2.467 tagged_above=-999 required=5 tests=[AWL=0.132, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cTSuXiCLcQI0 for <oauth@core3.amsl.com>; Sat, 1 May 2010 18:06:24 -0700 (PDT)
Received: from mail-pz0-f182.google.com (mail-pz0-f182.google.com [209.85.222.182]) by core3.amsl.com (Postfix) with ESMTP id 298D13A68B5 for <oauth@ietf.org>; Sat, 1 May 2010 18:06:24 -0700 (PDT)
Received: by pzk12 with SMTP id 12so849280pzk.32 for <oauth@ietf.org>; Sat, 01 May 2010 18:06:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:subject:mime-version :content-type:from:in-reply-to:date:cc:content-transfer-encoding :message-id:references:to:x-mailer; bh=ynNirRuYxxMPuRcoIMjdxIvIE/DGEsaUAFhm06dEg3Q=; b=H4IzqjwEUUF/LI49hCTf8IIRimyaMvUSO2zWl8aBkkeLbVZdf9xQBGD/jOLqND4+Hv 9WZTKdXiAlx0bE5J9RcmJw8mAzYC8GD8h/76/ujMCoti55W3/Ryhxqxi0JtizRf6BG8f Um7uzsKh71+0Is40xTeAhO9771j6YTTH75yJA=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; b=MTvwfNfudDuuCygjxnH6AL7rAvz1itof4aeoIe5tw0+kVgt0gEn+T274Fa9zLfYLIN tpnhsdxiE/ppm/XT85khCgy1/wg37pV1LxatemUfLj3YNLTLuOt88iwtcHOcW9ZaI3ZE 3t1jF1Ydqg7Qi/CNvx1pt4GdgqeHJh+PzKgeU=
Received: by 10.115.100.30 with SMTP id c30mr405415wam.213.1272762366988; Sat, 01 May 2010 18:06:06 -0700 (PDT)
Received: from [10.0.1.8] (c-67-180-195-167.hsd1.ca.comcast.net [67.180.195.167]) by mx.google.com with ESMTPS id c22sm16557122wam.6.2010.05.01.18.06.05 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 01 May 2010 18:06:06 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1078)
Content-Type: text/plain; charset=us-ascii
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <60C3123B-4FCF-425C-A808-AFB4745AECC6@facebook.com>
Date: Sat, 1 May 2010 18:06:04 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <CD5AE76F-61F4-43EA-B97C-5A575C8AA674@gmail.com>
References: <90C41DD21FB7C64BB94121FBBC2E723439321772EF@P3PW5EX1MB01.EX1.SECURESERVER.NET> <C80078D0.2D681%atom@yahoo-inc.com> <AANLkTikJBx-BwdLvgszIhSo9cf5WsJZvtjrWznei44Te@mail.gmail.com> <60C3123B-4FCF-425C-A808-AFB4745AECC6@facebook.com>
To: Luke Shepard <lshepard@facebook.com>
X-Mailer: Apple Mail (2.1078)
Cc: "OAuth WG \(oauth@ietf.org\)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Scope - Coming to a Consensus
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 May 2010 01:06:25 -0000

On 2010-05-01, at 3:48 PM, Luke Shepard wrote:

> I agree with approach #3.
> 
> As for the delimiter, I'm fine if the spec wants to do space-delimited. 
> 
> Just FYI Facebook will also continue to support and document commas in addition to whatever the spec says, because spaces are typically URL-encoded while commas are considered reserved characters and so not encoded. It's easier to write "read,write" than "read%20write".

Just in case it was not evident: a comma is a valid URL character, it would be legal for it to be contained in a URL scope, leading a library parsing scopes to inadvertently split up a single scope into one or more. Since the proposal says a scope can be a URI/URL, a space is a better delimiter.

-- Dick