IETF Logo Mail Archive

Re: [OAUTH-WG] Extensibility for OAuth?

Dick Hardt <dick.hardt@gmail.com> Fri, 25 June 2010 18:22 UTC

Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5A9993A687D for <oauth@core3.amsl.com>; Fri, 25 Jun 2010 11:22:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.48
X-Spam-Level:
X-Spam-Status: No, score=-2.48 tagged_above=-999 required=5 tests=[AWL=0.119, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pkD1RXVNyk91 for <oauth@core3.amsl.com>; Fri, 25 Jun 2010 11:22:09 -0700 (PDT)
Received: from mail-pw0-f44.google.com (mail-pw0-f44.google.com [209.85.160.44]) by core3.amsl.com (Postfix) with ESMTP id 229E028C14D for <oauth@ietf.org>; Fri, 25 Jun 2010 11:22:09 -0700 (PDT)
Received: by pwi6 with SMTP id 6so3543892pwi.31 for <oauth@ietf.org>; Fri, 25 Jun 2010 11:22:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:subject:mime-version :content-type:from:in-reply-to:date:cc:content-transfer-encoding :message-id:references:to:x-mailer; bh=wlGm3V0r8sZHaBDwFUo3KvwKgIyAf2fPtXo6EUwFnKw=; b=NpMAkZ7nKHhku6qatRAhT3rwkHb06TvHCQxEt0JPDs+RwQK/D5z4KF9GInDc0J4uLV 5XJBZFrCj7ZV6kqSmWHlBYLbdKw1mTgATlG0waEK0IRJRd0M+xDGqi5aiLrHbhfJqRIb sqBbIBpqP2PatwYzP4m2eUjaHae2NkibsdSHg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; b=PDVj/s+SITq/G+VeynMxk6Cpn91QIZQnUwPlDW9SdCyJ2inrL2GoZJbYgslrQVMPt+ KQc3Sn0b48N4OAhlS1QgD1ZxWHOwKYKamuUv+zhxQOmOpYWdYC4WSv39eL9PeSjwFJBD 2zaOaamKLOEXsRIuX/AqMHLCfA/7h+DymGdqE=
Received: by 10.115.84.8 with SMTP id m8mr1385332wal.9.1277490135435; Fri, 25 Jun 2010 11:22:15 -0700 (PDT)
Received: from [192.168.1.2] (c-24-130-32-55.hsd1.ca.comcast.net [24.130.32.55]) by mx.google.com with ESMTPS id c22sm70210239wam.6.2010.06.25.11.22.14 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 25 Jun 2010 11:22:14 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1078)
Content-Type: text/plain; charset="us-ascii"
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E72343B3EC84999@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Date: Fri, 25 Jun 2010 11:22:13 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <345F0F5E-9401-4B76-98DF-FB7AF53ED0E2@gmail.com>
References: <3D3C75174CB95F42AD6BCC56E5555B4502BE07CC@FIESEXC015.nsn-intra.net> <90C41DD21FB7C64BB94121FBBC2E72343B3EC84973@P3PW5EX1MB01.EX1.SECURESERVER.NET> <B6B3E8C3-6B3B-4428-94E4-1D22A93424E6@gmail.com> <90C41DD21FB7C64BB94121FBBC2E72343B3EC84999@P3PW5EX1MB01.EX1.SECURESERVER.NET>
To: Eran Hammer-Lahav <eran@hueniverse.com>
X-Mailer: Apple Mail (2.1078)
Cc: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>, OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Extensibility for OAuth?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Jun 2010 18:22:18 -0000

Agree that if it is a different kind of function, than a new end point is a good thing.

I'm not understanding the review process below in your example. Would adding language parameters not be an extension? Would that need to be a change to the spec or a new spec?
.
On 2010-06-25, at 11:18 AM, Eran Hammer-Lahav wrote:

> I think the two endpoints are currently well defined. For example, the token endpoint always takes an access grant and turns it into an access token with optional refresh token. To "extend" it to say, register new clients dynamically, is a bad thing. But adding a new parameter (such as language) is a good thing to support, and by requiring review, only parameters that don't change the overall design will be approved.
> 
> EHL
> 
>> -----Original Message-----
>> From: Dick Hardt [mailto:dick.hardt@gmail.com]
>> Sent: Friday, June 25, 2010 11:13 AM
>> To: Eran Hammer-Lahav
>> Cc: Tschofenig, Hannes (NSN - FI/Espoo); OAuth WG
>> Subject: Re: [OAUTH-WG] Extensibility for OAuth?
>> 
>> Would you elaborate on your reasons here? Do you think we have
>> enumerated all the possibilities?
>> 
>> On 2010-06-25, at 10:59 AM, Eran Hammer-Lahav wrote:
>> 
>>> I would rather limit the ability to extend the two endpoints beyond their
>> current architecture, and instead, allow others to specify new endpoints (e.g.
>> a device endpoint for getting an authorization code without using browser
>> redirection) that work in addition to the token endpoint (using an existing
>> grant type or assertion).
>

v2.40.4 | Report a Bug | By Email | System Status