Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic Registration
Justin Richer <jricher@mitre.org> Thu, 23 May 2013 18:45 UTC
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6DE921F96CD for <oauth@ietfa.amsl.com>; Thu, 23 May 2013 11:45:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.403
X-Spam-Level:
X-Spam-Status: No, score=-6.403 tagged_above=-999 required=5 tests=[AWL=0.195, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tMdzoSFbgOtQ for <oauth@ietfa.amsl.com>; Thu, 23 May 2013 11:45:10 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id B85C621F9021 for <oauth@ietf.org>; Thu, 23 May 2013 11:21:39 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id D64F42260027; Thu, 23 May 2013 14:21:37 -0400 (EDT)
Received: from IMCCAS02.MITRE.ORG (imccas02.mitre.org [129.83.29.79]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 96EA51F0AFB; Thu, 23 May 2013 14:21:37 -0400 (EDT)
Received: from [10.146.15.13] (129.83.31.56) by IMCCAS02.MITRE.ORG (129.83.29.79) with Microsoft SMTP Server (TLS) id 14.2.342.3; Thu, 23 May 2013 14:21:37 -0400
Message-ID: <519E5E11.8090802@mitre.org>
Date: Thu, 23 May 2013 14:21:05 -0400
From: Justin Richer <jricher@mitre.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130510 Thunderbird/17.0.6
MIME-Version: 1.0
To: Lewis Adam-CAL022 <Adam.Lewis@motorolasolutions.com>
References: <MLQM-20130520122606192-37488@mlite.mitre.org> <519D0C4D.60002@mitre.org> <59E470B10C4630419ED717AC79FCF9A9659ADA34@BY2PRD0411MB441.namprd04.prod.outlook.com>
In-Reply-To: <59E470B10C4630419ED717AC79FCF9A9659ADA34@BY2PRD0411MB441.namprd04.prod.outlook.com>
Content-Type: multipart/alternative; boundary="------------020605090406010600000102"
X-Originating-IP: [129.83.31.56]
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic Registration
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 May 2013 18:45:24 -0000
Thanks Adam (and others) for voicing your opinions on this. The OIDC working group has also been discussing this (since it would impact the registration draft there as well) and several of the members there have either changed to voicing support for the change or claiming ambivalence to it. As such, I am now seeing reasonable support for changing (1) and (2) to the proposed new names in the next draft, and leaving (3) as is. I will do so unless I hear strong objections. -- Justin On 05/23/2013 01:23 PM, Lewis Adam-CAL022 wrote: > > For what it's worth, I am in favor of making the changes to (1) and > (2) and leaving (3) unchanged. (1) and (2) are definitely confusing > to me, as I would normally have associated the issued and expiration > times to the token. (3) is obvious as it stands, and as other have > mentioned, only clients authenticate to the endpoints, so adding > client to the term doesn't add much value. > > As mentioned, changing (1) and (2), it is not a difficult change, and > anybody implementing to drafts will obviously understand that things > change before getting RFC status. Best to fix things now, that's what > the last call is for after all. > > -adam > > *From:*oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] *On > Behalf Of *Justin Richer > *Sent:* Wednesday, May 22, 2013 1:20 PM > *To:* oauth@ietf.org > *Subject:* Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic Registration > > Speaking as an implementor, I'm actually in favor of changing > "expires_at" and "issued_at" to the values proposed below. It would > require some minor code changes on my end, but the impact would be > minimal, and I think that the new names are *much* more clear to new > developers. I think it will save us a lot of questions and headaches > going forward. I believe that changing it now will have minimal impact > on any deployed and running code (there are no large-scale services > that I am aware of), and it will make things clearer. So I vote for > "B" for #1 and #2. > > I believe "token_endpoint_auth_method" is sufficient as is, since the > client is the only thing that authenticates to the token endpoint. > > > *[[ Note: As an editor, I don't believe it's really in my power to > make that change unless there's support in the working group for > making it. I /really/ want more feedback from people, with explanation > if you can. ]] > * > -- Justin > > On 05/20/2013 11:09 AM, Justin Richer wrote: > > Phil Hunt's review of the Dynamic Registration specification has > raised a couple of issues that I felt were getting buried by the > larger discussion (which I still strongly encourage others to jump > in to). Namely, Phil has suggested a couple of syntax changes to > the names of several parameters. > > > 1) expires_at -> client_secret_expires_at > 2) issued_at -> client_id_issued_at > 3) token_endpoint_auth_method -> token_endpoint_client_auth_method > > > I'd like to get a feeling, *especially from developers* who have > deployed this draft spec, what we ought to do for each of these: > > A) Keep the parameter names as-is > B) Adopt the new names as above > C) Adopt a new name that I will specify > > In all cases, clarifying text will be added to the parameter > *definitions* so that it's more clear to people reading the spec > what each piece does. Speaking as the editor: "A" is the default > as far as I'm concerned, since we shouldn't change syntax without > very good reason to do so. That said, if it's going to be better > for developers with the new parameter names, I am open to fixing > them now. > > Naming things is hard. > > -- Justin > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org <mailto:OAuth@ietf.org> > > https://www.ietf.org/mailman/listinfo/oauth >
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Donald F Coffin
- [OAUTH-WG] Proposed Syntax Changes in Dynamic Reg… Justin Richer
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Phil Hunt
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Justin Richer
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Phil Hunt
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Justin Richer
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Mike Jones
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Mike Jones
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Justin Richer
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Phil Hunt
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Justin Richer
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Justin Richer
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Anthony Nadalin
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Phil Hunt
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Justin Richer
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Nat Sakimura
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Edmund Jay
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… nov matake
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… John Bradley
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Roland Hedberg
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Mike Jones
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Phil Hunt
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Justin Richer
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Anthony Nadalin
- [OAUTH-WG] Dyn Reg API Style: Was Re: Proposed Sy… Phil Hunt
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Justin Richer
- Re: [OAUTH-WG] Dyn Reg API Style: Was Re: Propose… Justin Richer
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Anthony Nadalin
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Phil Hunt
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Anthony Nadalin
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Justin Richer
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Roland Hedberg
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Edmund Jay
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Lewis Adam-CAL022
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Justin Richer
- Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic… Donald F Coffin