IETF Logo Mail Archive

Re: [OAUTH-WG] draft-richer-oauth-introspection-01 scope syntax

Todd W Lainhart <lainhart@us.ibm.com> Thu, 31 January 2013 14:38 UTC

Return-Path: <lainhart@us.ibm.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA09021F87DF for <oauth@ietfa.amsl.com>; Thu, 31 Jan 2013 06:38:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.464
X-Spam-Level:
X-Spam-Status: No, score=-10.464 tagged_above=-999 required=5 tests=[AWL=0.134, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4qWEs+FAjWhr for <oauth@ietfa.amsl.com>; Thu, 31 Jan 2013 06:38:40 -0800 (PST)
Received: from e8.ny.us.ibm.com (e8.ny.us.ibm.com [32.97.182.138]) by ietfa.amsl.com (Postfix) with ESMTP id 86EF321F84E9 for <oauth@ietf.org>; Thu, 31 Jan 2013 06:38:40 -0800 (PST)
Received: from /spool/local by e8.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for <oauth@ietf.org> from <lainhart@us.ibm.com>; Thu, 31 Jan 2013 09:38:39 -0500
Received: from d01dlp03.pok.ibm.com (9.56.250.168) by e8.ny.us.ibm.com (192.168.1.108) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Thu, 31 Jan 2013 09:38:38 -0500
Received: from d01relay05.pok.ibm.com (d01relay05.pok.ibm.com [9.56.227.237]) by d01dlp03.pok.ibm.com (Postfix) with ESMTP id 8C1DFC9003C for <oauth@ietf.org>; Thu, 31 Jan 2013 09:38:37 -0500 (EST)
Received: from d01av04.pok.ibm.com (d01av04.pok.ibm.com [9.56.224.64]) by d01relay05.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id r0VEcbVg135414 for <oauth@ietf.org>; Thu, 31 Jan 2013 09:38:37 -0500
Received: from d01av04.pok.ibm.com (loopback [127.0.0.1]) by d01av04.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id r0VEcZZC030080 for <oauth@ietf.org>; Thu, 31 Jan 2013 09:38:35 -0500
Received: from d01ml255.pok.ibm.com (d01ml255.pok.ibm.com [9.63.10.54]) by d01av04.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP id r0VEcZ0D030071; Thu, 31 Jan 2013 09:38:35 -0500
In-Reply-To: <51099EBD.5050204@mitre.org>
References: <OF3031393A.750F4AB2-ON85257B03.007AD84B-85257B03.007B56E7@us.ibm.com> <51099EBD.5050204@mitre.org>
To: Justin Richer <jricher@mitre.org>
MIME-Version: 1.0
X-KeepSent: 2328A016:B0DF92F0-85257B04:004F4780; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.5.3FP2 SHF22 July 19, 2012
Message-ID: <OF2328A016.B0DF92F0-ON85257B04.004F4780-85257B04.00506F6E@us.ibm.com>
From: Todd W Lainhart <lainhart@us.ibm.com>
Date: Thu, 31 Jan 2013 09:38:34 -0500
X-MIMETrack: Serialize by Router on D01ML255/01/M/IBM(Release 8.5.3FP2 ZX853FP2HF4|December 14, 2012) at 01/31/2013 09:38:35, Serialize complete at 01/31/2013 09:38:35
Content-Type: multipart/alternative; boundary="=_alternative 00506F6C85257B04_="
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 13013114-9360-0000-0000-00000FF3E72A
Cc: IETF oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-richer-oauth-introspection-01 scope syntax
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Jan 2013 14:38:42 -0000

I would vote for consistency with 6749 - string tokenizing doesn't seem 
like a big deal, esp. since clients are going to have to deal with it when 
scopes are returned from the token endpoint.  It was raised here when I 
realized that we would have to give clients two types of guidance when 
dealing with scopes in the introspection response and 6749 endpoints.

If the thinking is that 6749 got it wrong (didn't use JSON syntax 
appropriately), and this is getting it right, that's fine.  I'm more 
interested in knowing if the community thinks it's going to change.





Todd Lainhart
Rational software
IBM Corporation
550 King Street, Littleton, MA 01460-1250
1-978-899-4705
2-276-4705 (T/L)
lainhart@us.ibm.com




From:   Justin Richer <jricher@mitre.org>
To:     Todd W Lainhart/Lexington/IBM@IBMUS, 
Cc:     IETF oauth WG <oauth@ietf.org>
Date:   01/30/2013 05:29 PM
Subject:        Re: [OAUTH-WG] draft-richer-oauth-introspection-01 scope 
syntax



It's not meant to follow the same syntax. Instead, it's making use of the 
JSON object structure to avoid additional parsing of the values on the 
client side.

We could fairly easily define it as the same space-delimited string if 
enough people want to keep the scope format consistent.

 -- Justin

On 01/30/2013 05:27 PM, Todd W Lainhart wrote:
That the scope syntax in draft-richer-oauth-introspection-01 is different 
than RFC 6749 Section 3.3, as in: 


   "scope": ["read", "write", "dolphin"], 

vs. 

  scope = scope-token *( SP scope-token )
     scope-token = 1*( %x21 / %x23-5B / %x5D-7E ) 

Should introspection-01 follow the 6749 syntax for scopes?





_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email