Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-sub-ns-03.txt
Brian Campbell <bcampbell@pingidentity.com> Thu, 21 June 2012 20:49 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4854C21F85A1 for <oauth@ietfa.amsl.com>; Thu, 21 Jun 2012 13:49:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.922
X-Spam-Level:
X-Spam-Status: No, score=-6.922 tagged_above=-999 required=5 tests=[AWL=1.055, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, GB_I_LETTER=-2, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fN3kDYDN4G1G for <oauth@ietfa.amsl.com>; Thu, 21 Jun 2012 13:49:12 -0700 (PDT)
Received: from na3sys009aog132.obsmtp.com (na3sys009aog132.obsmtp.com [74.125.149.250]) by ietfa.amsl.com (Postfix) with ESMTP id 070C421F859F for <oauth@ietf.org>; Thu, 21 Jun 2012 13:49:11 -0700 (PDT)
Received: from mail-qc0-f171.google.com ([209.85.216.171]) (using TLSv1) by na3sys009aob132.postini.com ([74.125.148.12]) with SMTP ID DSNKT+OIxyN7vRzEsaBh8jZY8yGZ8MJ/sP4k@postini.com; Thu, 21 Jun 2012 13:49:12 PDT
Received: by qcsp15 with SMTP id p15so993842qcs.16 for <oauth@ietf.org>; Thu, 21 Jun 2012 13:49:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=oOBdtv6sg6cxC8irT4ebqBNK1GEEbpJwNxSYcnDED68=; b=PdEMGs6g3Blj+zbCM9HXbPymVUrBr2k2pvn7H3pVUVxbrBSruo2yz9u6BvDTOk0K2+ 669KL5s3Rtoqr1Fbq5qIvLfxxmWrinYCPYd85KhIVsY/VgM+oCkQ2++8dhV6nuG13zCh nAnITJtqDbW9mLCju4PwFdKbwRr6oDm8+7DNUm7asEc1t+n+2vDjgCC2PeOp0fByN4+a yjLLbnhKNRgOHjh5iOZ5ftdgTs9EIyDVfpZF1A2O9ZthNtxFQG8L7zDAFhr53Kgcny/f CYF/L7QlYdmRe+AiEfgO6peJq3e3WlPOmEQKWmbJX0X28FY2POnUYM45UDSZtpdMNCCZ EJHw==
Received: by 10.229.135.141 with SMTP id n13mr7838833qct.105.1340311750776; Thu, 21 Jun 2012 13:49:10 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.87.142 with HTTP; Thu, 21 Jun 2012 13:48:39 -0700 (PDT)
In-Reply-To: <DE39D7C5-5265-44D3-A8C0-F8CA39DBC5C1@gmx.net>
References: <20120621175317.32545.76545.idtracker@ietfa.amsl.com> <4E1F6AAD24975D4BA5B16804296739436656323F@TK5EX14MBXC283.redmond.corp.microsoft.com> <0F4BC83D-9C3E-44CD-9D8C-5784A7495486@gmx.net> <DE39D7C5-5265-44D3-A8C0-F8CA39DBC5C1@gmx.net>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 21 Jun 2012 14:48:39 -0600
Message-ID: <CA+k3eCT2jGW7MF-0jH7Z6Mw6ZWKsgH_=esU5kwy0c3As1LeT_A@mail.gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQn6LH/TsQS1DlBrcVWSHSjZ6vfu0KQMz93kN4cMJ4Blu7vV9VLT1Imp+4+5PD/SmXbVcQR6
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-sub-ns-03.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jun 2012 20:49:13 -0000
On Thu, Jun 21, 2012 at 1:48 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote: > Btw, in a discussion with Brian we check the policies for the three extensions in the OAuth core specification > > 1) Section 8.3. Defining New Authorization Grant Types > > If you don't define additional token endpoint parameters then there is actually no requirement for expert review or a specification. > It is probably FCFS. That raises a different question/issue. My understanding of the core spec was that it used URIs in extension points that might be profiled by actual specifications as well as by vendor-specific or other less rigorous implementations. To the extent that's true, §8.3 of OAuth core[1] is problematic in that it allows for any URI defining the grant type but requires additional parameters the grant type might use to be registered in the The OAuth Parameters Registry (and new grant types will most likely need additional parameters). Inf fact, I've already got a vendor-specific grant type that uses an unregistered parameter on the token endpoint - it's a simple grant type for access token introspection [2]. At the time I was thinking the parameter was implicitly qualified by the grant type and this was all okay. But looking at it again, per the letter of the spec, this would seem to be a violation. But what should we have done? How does a vendor-specific extension go about registering a parameter? Would that even be a good idea? [1] http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-8.3 [2] http://documentation.pingidentity.com/display/PF66/Grant+Type+Parameters#GrantTypeParameters-1079271
- [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-sub-n… internet-drafts
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Mike Jones
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Brian Campbell
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Brian Campbell
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Hannes Tschofenig
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Barry Leiba
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Hannes Tschofenig
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Brian Campbell
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Mike Jones
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Brian Campbell
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Brian Campbell
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Barry Leiba
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Brian Campbell
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Manger, James H
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Stephen Farrell
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Brian Campbell
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Peter Saint-Andre
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Hannes Tschofenig
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Hannes Tschofenig
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Hannes Tschofenig
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Hannes Tschofenig
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-s… Hannes Tschofenig