Re: [OAUTH-WG] 'Scope' parameter proposal
David Recordon <recordond@gmail.com> Mon, 19 April 2010 21:23 UTC
Return-Path: <recordond@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BFABA3A696D for <oauth@core3.amsl.com>; Mon, 19 Apr 2010 14:23:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bWRP7nddqKtE for <oauth@core3.amsl.com>; Mon, 19 Apr 2010 14:23:25 -0700 (PDT)
Received: from mail-pw0-f44.google.com (mail-pw0-f44.google.com [209.85.160.44]) by core3.amsl.com (Postfix) with ESMTP id 1D0A53A688B for <oauth@ietf.org>; Mon, 19 Apr 2010 14:23:21 -0700 (PDT)
Received: by pwj2 with SMTP id 2so3776871pwj.31 for <oauth@ietf.org>; Mon, 19 Apr 2010 14:23:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:received:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=pX30jfP/qhnLdS21ukxmOMoZLR3plzhJxyw761F2j4E=; b=we4lpVefsr/0+0wyyzL+T0HJKKZM61K6lzNHq4htFqYqkL1tIlJ85Q0soOGwgL3llh nLJvymdJ9+IsOB9eWBRHjI7c7MiAFxZqjGTBKw0iFyx3Ry0LDG11mviNcfq9Gnc5va4/ UNGBNQXRof7nfNxqtcuv0naN6XaV4u8JvAPm8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=e1zv/+5fwug4O2Xgy7KyPGV0ikTGJC7ic2DbKZI/Fx2j/IghY2tKX6s6Ngz6DtCJ00 yb0gcL5p0E1HgS+rcxGhViAIHIRJiL14SGHV0NltnhDYiO1bxmmxhVUezSNbvlTOJcdT rGcD/U+YQ7bFw88fDM5GBL2DxEo3ZmWzBfk8o=
MIME-Version: 1.0
Received: by 10.231.182.196 with HTTP; Mon, 19 Apr 2010 14:23:10 -0700 (PDT)
In-Reply-To: <4BCCBE6A.6060300@lodderstedt.net>
References: <C7F1D1FC.32809%eran@hueniverse.com> <4BCCBE6A.6060300@lodderstedt.net>
Date: Mon, 19 Apr 2010 14:23:10 -0700
Received: by 10.114.236.22 with SMTP id j22mr4792486wah.5.1271712190956; Mon, 19 Apr 2010 14:23:10 -0700 (PDT)
Message-ID: <q2ifd6741651004191423se250189dnd6a1b0af27bf8ad7@mail.gmail.com>
From: David Recordon <recordond@gmail.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] 'Scope' parameter proposal
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Apr 2010 21:23:26 -0000
+1 Eran's proposal as well On Mon, Apr 19, 2010 at 1:34 PM, Torsten Lodderstedt <torsten@lodderstedt.net> wrote: > +1 > > Am 19.04.2010 18:25, schrieb Eran Hammer-Lahav: >> >> Proposal: >> >> 'scope' is defined as a comma-separated list of resource URIs or resource >> groups (e.g. contacts, photos). The server can provide a list of values >> for >> the client to use in its documentation, or the client can use the URIs or >> scope identifier of the protected resources it is trying to access (before >> or after getting a 401 response). >> >> For example: >> >> 1. Client requests resource >> >> GET /resource HTTP/1.1 >> Host: example.com >> >> 2. Server requires authentication >> >> HTTP/1.1 401 Unauthorized >> WWW-Authenticate: Token realm='Example', scope='x2' >> >> 3. Client requests an access token by including scope=x2 in the request >> >> Alternatively, the client can ask for an access token with >> scope=http://example.com/resource. >> >> If the client needs access to two resource with different scopes, it >> requests an access token for scope=x2,x1. >> >> That's it! >> >> It allows the client to figure out what value to put in the scope >> parameter >> and how to encode multiple scopes without any server-specific >> documentation. >> Servers that wish to rely exclusively on paperwork can just omit the scope >> parameter from the WWW-Authenticate header. >> >> We can pick a different separator (space, semicolon, etc.) or different >> parameter name (resource(s)). >> >> EHL >> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
- [OAUTH-WG] 'Scope' parameter proposal Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal Luke Shepard
- Re: [OAUTH-WG] 'Scope' parameter proposal Marius Scurtescu
- Re: [OAUTH-WG] 'Scope' parameter proposal Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal Torsten Lodderstedt
- Re: [OAUTH-WG] 'Scope' parameter proposal Marius Scurtescu
- Re: [OAUTH-WG] 'Scope' parameter proposal Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal David Recordon
- Re: [OAUTH-WG] 'Scope' parameter proposal John Kemp
- Re: [OAUTH-WG] 'Scope' parameter proposal Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal John Kemp
- Re: [OAUTH-WG] 'Scope' parameter proposal Marius Scurtescu
- Re: [OAUTH-WG] 'Scope' parameter proposal Dick Hardt
- Re: [OAUTH-WG] 'Scope' parameter proposal Manger, James H
- Re: [OAUTH-WG] 'Scope' parameter proposal Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal Torsten Lodderstedt
- Re: [OAUTH-WG] 'Scope' parameter proposal Torsten Lodderstedt
- [OAUTH-WG] Consistency in access token parameter Luke Shepard
- Re: [OAUTH-WG] Consistency in access token parame… Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal Joseph Smarr
- Re: [OAUTH-WG] Consistency in access token parame… Joseph Smarr
- Re: [OAUTH-WG] Consistency in access token parame… Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal Eve Maler
- Re: [OAUTH-WG] 'Scope' parameter proposal Manger, James H
- Re: [OAUTH-WG] 'Scope' parameter proposal John Kemp
- Re: [OAUTH-WG] 'Scope' parameter proposal Chasen Le Hara
- Re: [OAUTH-WG] 'Scope' parameter proposal Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal Chasen Le Hara
- Re: [OAUTH-WG] 'Scope' parameter proposal Brian Eaton
- Re: [OAUTH-WG] 'Scope' parameter proposal Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal Brian Eaton
- Re: [OAUTH-WG] 'Scope' parameter proposal Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal Brian Eaton
- Re: [OAUTH-WG] 'Scope' parameter proposal Brian Eaton
- Re: [OAUTH-WG] 'Scope' parameter proposal Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal John Kemp
- Re: [OAUTH-WG] 'Scope' parameter proposal Brian Eaton
- Re: [OAUTH-WG] 'Scope' parameter proposal Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal Chasen Le Hara
- Re: [OAUTH-WG] 'Scope' parameter proposal Brian Eaton
- Re: [OAUTH-WG] 'Scope' parameter proposal Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal Eve Maler
- Re: [OAUTH-WG] 'Scope' parameter proposal Manger, James H
- Re: [OAUTH-WG] 'Scope' parameter proposal Torsten Lodderstedt
- Re: [OAUTH-WG] 'Scope' parameter proposal Eran Hammer-Lahav
- Re: [OAUTH-WG] 'Scope' parameter proposal Brian Eaton
- Re: [OAUTH-WG] 'Scope' parameter proposal Torsten Lodderstedt
- Re: [OAUTH-WG] 'Scope' parameter proposal John Panzer
- Re: [OAUTH-WG] 'Scope' parameter proposal Keenan, Bill
- Re: [OAUTH-WG] 'Scope' parameter proposal Luke Shepard