[OAUTH-WG] semantics of scope parameter

Dick Hardt <dick.hardt@gmail.com> Mon, 28 June 2010 05:49 UTC

From: Dick Hardt <dick.hardt@gmail.com>
Date: Sun, 27 Jun 2010 22:48:38 -0700
Message-Id: <085C731D-5C07-422C-AC53-1C50CF6D9984@gmail.com>
To: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>

The current spec defines scope (when the scope variable is introduced) as:

   scope
         OPTIONAL.  The scope of the access request expressed as a list
         of space-delimited strings.  The value of the "scope" parameter
         is defined by the authorization server.  If the value contains
         multiple space-delimited strings, their order does not matter,
         and each string adds an additional access range to the
         requested scope.

I think the last phrase is adding semantics that may not be true, and that the following is more accurate:

   scope
         OPTIONAL.  The scope of the access request expressed as a list
         of space-delimited strings.  The value of the "scope" parameter
         is defined by the authorization server.  If the value contains
         multiple space-delimited strings, their order does not matter.

An authorization server may define some scope parameters that add restrictions to the access rather than being additive. For example, scope could be defined by an AS as one or more resources (PHOTOS PROFILE FRIENDS) and the type of access (READ WRITE READWRITE).

-- Dick
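An added example (not from the email or the OAuth draft) of how an authorization server might interpret the restrictive scope vocabulary sketched above, where resource tokens (PHOTOS PROFILE FRIENDS) are additive and access-type tokens (READ WRITE READWRITE) narrow what may be done with every listed resource. It assumes, beyond what the email says, that several access-type tokens combine to the most restrictive one, that a scope with no access-type token is read-only, and that tokens outside the AS vocabulary are rejected.

```python
"""Interpreting an AS-defined scope vocabulary (constructed example)."""
from typing import FrozenSet, Tuple

# Hypothetical vocabulary following the resource / access-type split in the email.
RESOURCES = frozenset({"PHOTOS", "PROFILE", "FRIENDS"})
ACCESS_TYPES = {
    "READ": frozenset({"read"}),
    "WRITE": frozenset({"write"}),
    "READWRITE": frozenset({"read", "write"}),
}


def parse_scope(scope: str) -> Tuple[FrozenSet[str], FrozenSet[str]]:
    """Split a space-delimited scope value into (resources, operations).

    Token order is irrelevant. Resource tokens add resources; access-type
    tokens restrict the operations allowed on every listed resource, and
    several access-type tokens are intersected (most restrictive wins, an
    assumption of this example). Unknown tokens raise rather than being
    silently ignored, so nothing outside the AS vocabulary is accepted.
    """
    resources = set()
    ops = None
    for token in scope.split():  # any run of whitespace separates tokens
        if token in RESOURCES:
            resources.add(token)
        elif token in ACCESS_TYPES:
            ops = ACCESS_TYPES[token] if ops is None else ops & ACCESS_TYPES[token]
        else:
            raise ValueError(f"unknown scope token: {token!r}")
    if ops is None:
        ops = ACCESS_TYPES["READ"]  # assumption: no access-type token means read-only
    return frozenset(resources), ops


def is_valid_scope(scope: str) -> bool:
    """True if every token of the scope value is in the AS vocabulary."""
    try:
        parse_scope(scope)
    except ValueError:
        return False
    return True


def is_permitted(scope: str, resource: str, op: str) -> bool:
    """Decide whether an operation on a resource falls within the granted scope."""
    resources, ops = parse_scope(scope)
    return resource in resources and op in ops


if __name__ == "__main__":
    print(parse_scope("PHOTOS READWRITE FRIENDS"))
```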