Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
 with ESMTP id 5A9993A687D for <oauth@core3.amsl.com>;
 Fri, 25 Jun 2010 11:22:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.48
X-Spam-Level: 
X-Spam-Status: No, score=-2.48 tagged_above=-999 required=5 tests=[AWL=0.119,
 BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pkD1RXVNyk91 for
 <oauth@core3.amsl.com>; Fri, 25 Jun 2010 11:22:09 -0700 (PDT)
Received: from mail-pw0-f44.google.com (mail-pw0-f44.google.com
 [209.85.160.44]) by core3.amsl.com (Postfix) with ESMTP id 229E028C14D for
 <oauth@ietf.org>; Fri, 25 Jun 2010 11:22:09 -0700 (PDT)
Received: by pwi6 with SMTP id 6so3543892pwi.31 for <oauth@ietf.org>;
 Fri, 25 Jun 2010 11:22:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
 h=domainkey-signature:received:received:subject:mime-version
 :content-type:from:in-reply-to:date:cc:content-transfer-encoding
 :message-id:references:to:x-mailer;
 bh=wlGm3V0r8sZHaBDwFUo3KvwKgIyAf2fPtXo6EUwFnKw=;
 b=NpMAkZ7nKHhku6qatRAhT3rwkHb06TvHCQxEt0JPDs+RwQK/D5z4KF9GInDc0J4uLV
 5XJBZFrCj7ZV6kqSmWHlBYLbdKw1mTgATlG0waEK0IRJRd0M+xDGqi5aiLrHbhfJqRIb
 sqBbIBpqP2PatwYzP4m2eUjaHae2NkibsdSHg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
 h=subject:mime-version:content-type:from:in-reply-to:date:cc
 :content-transfer-encoding:message-id:references:to:x-mailer;
 b=PDVj/s+SITq/G+VeynMxk6Cpn91QIZQnUwPlDW9SdCyJ2inrL2GoZJbYgslrQVMPt+
 KQc3Sn0b48N4OAhlS1QgD1ZxWHOwKYKamuUv+zhxQOmOpYWdYC4WSv39eL9PeSjwFJBD
 2zaOaamKLOEXsRIuX/AqMHLCfA/7h+DymGdqE=
Received: by 10.115.84.8 with SMTP id m8mr1385332wal.9.1277490135435;
 Fri, 25 Jun 2010 11:22:15 -0700 (PDT)
Received: from [192.168.1.2] (c-24-130-32-55.hsd1.ca.comcast.net
 [24.130.32.55]) by mx.google.com with ESMTPS id
 c22sm70210239wam.6.2010.06.25.11.22.14 (version=TLSv1/SSLv3 cipher=RC4-MD5);
 Fri, 25 Jun 2010 11:22:14 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1078)
Content-Type: text/plain; charset=us-ascii
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E72343B3EC84999@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Date: Fri, 25 Jun 2010 11:22:13 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <345F0F5E-9401-4B76-98DF-FB7AF53ED0E2@gmail.com>
References: <3D3C75174CB95F42AD6BCC56E5555B4502BE07CC@FIESEXC015.nsn-intra.net>
 <90C41DD21FB7C64BB94121FBBC2E72343B3EC84973@P3PW5EX1MB01.EX1.SECURESERVER.NET>
 <B6B3E8C3-6B3B-4428-94E4-1D22A93424E6@gmail.com>
 <90C41DD21FB7C64BB94121FBBC2E72343B3EC84999@P3PW5EX1MB01.EX1.SECURESERVER.NET>
To: Eran Hammer-Lahav <eran@hueniverse.com>
X-Mailer: Apple Mail (2.1078)
Cc: "Tschofenig, Hannes \(NSN - FI/Espoo\)" <hannes.tschofenig@nsn.com>,
 OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Extensibility for OAuth?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>,
 <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>,
 <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Jun 2010 18:22:18 -0000

Agree that if it is a different kind of function, than a new end point =
is a good thing.

I'm not understanding the review process below in your example. Would =
adding language parameters not be an extension? Would that need to be a =
change to the spec or a new spec?
.
On 2010-06-25, at 11:18 AM, Eran Hammer-Lahav wrote:

> I think the two endpoints are currently well defined. For example, the =
token endpoint always takes an access grant and turns it into an access =
token with optional refresh token. To "extend" it to say, register new =
clients dynamically, is a bad thing. But adding a new parameter (such as =
language) is a good thing to support, and by requiring review, only =
parameters that don't change the overall design will be approved.
>=20
> EHL
>=20
>> -----Original Message-----
>> From: Dick Hardt [mailto:dick.hardt@gmail.com]
>> Sent: Friday, June 25, 2010 11:13 AM
>> To: Eran Hammer-Lahav
>> Cc: Tschofenig, Hannes (NSN - FI/Espoo); OAuth WG
>> Subject: Re: [OAUTH-WG] Extensibility for OAuth?
>>=20
>> Would you elaborate on your reasons here? Do you think we have
>> enumerated all the possibilities?
>>=20
>> On 2010-06-25, at 10:59 AM, Eran Hammer-Lahav wrote:
>>=20
>>> I would rather limit the ability to extend the two endpoints beyond =
their
>> current architecture, and instead, allow others to specify new =
endpoints (e.g.
>> a device endpoint for getting an authorization code without using =
browser
>> redirection) that work in addition to the token endpoint (using an =
existing
>> grant type or assertion).
>=20