Re: [OAUTH-WG] draft-richer-oauth-introspection-01 scope syntax
Todd W Lainhart <lainhart@us.ibm.com> Mon, 04 February 2013 15:07 UTC
Return-Path: <lainhart@us.ibm.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B560421F885B for <oauth@ietfa.amsl.com>; Mon, 4 Feb 2013 07:07:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.47
X-Spam-Level:
X-Spam-Status: No, score=-10.47 tagged_above=-999 required=5 tests=[AWL=0.128, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JSOJ6M2kXvr1 for <oauth@ietfa.amsl.com>; Mon, 4 Feb 2013 07:07:02 -0800 (PST)
Received: from e9.ny.us.ibm.com (e9.ny.us.ibm.com [32.97.182.139]) by ietfa.amsl.com (Postfix) with ESMTP id BF8FF21F869C for <oauth@ietf.org>; Mon, 4 Feb 2013 07:07:01 -0800 (PST)
Received: from /spool/local by e9.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for <oauth@ietf.org> from <lainhart@us.ibm.com>; Mon, 4 Feb 2013 10:06:59 -0500
Received: from d01dlp02.pok.ibm.com (9.56.250.167) by e9.ny.us.ibm.com (192.168.1.109) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Mon, 4 Feb 2013 10:06:56 -0500
Received: from d01relay01.pok.ibm.com (d01relay01.pok.ibm.com [9.56.227.233]) by d01dlp02.pok.ibm.com (Postfix) with ESMTP id AAA516E8040 for <oauth@ietf.org>; Mon, 4 Feb 2013 10:06:54 -0500 (EST)
Received: from d01av03.pok.ibm.com (d01av03.pok.ibm.com [9.56.224.217]) by d01relay01.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id r14F6tgf297672 for <oauth@ietf.org>; Mon, 4 Feb 2013 10:06:55 -0500
Received: from d01av03.pok.ibm.com (loopback [127.0.0.1]) by d01av03.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id r14F6t4t017927 for <oauth@ietf.org>; Mon, 4 Feb 2013 13:06:55 -0200
Received: from d01ml255.pok.ibm.com (d01ml255.pok.ibm.com [9.63.10.54]) by d01av03.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP id r14F6qlo017455; Mon, 4 Feb 2013 13:06:52 -0200
In-Reply-To: <51099FBA.1060608@mitre.org>
References: <OF3031393A.750F4AB2-ON85257B03.007AD84B-85257B03.007B56E7@us.ibm.com> <MLQM-20130130173104302-123870@mlite.mitre.org> <51099FBA.1060608@mitre.org>
To: Justin Richer <jricher@mitre.org>
MIME-Version: 1.0
X-KeepSent: 0C4DFB94:D230FCE2-85257B08:0052DA9C; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.5.3FP2 SHF22 July 19, 2012
Message-ID: <OF0C4DFB94.D230FCE2-ON85257B08.0052DA9C-85257B08.00530629@us.ibm.com>
From: Todd W Lainhart <lainhart@us.ibm.com>
Date: Mon, 04 Feb 2013 10:06:50 -0500
X-MIMETrack: Serialize by Router on D01ML255/01/M/IBM(Release 8.5.3FP2 ZX853FP2HF4|December 14, 2012) at 02/04/2013 10:06:52, Serialize complete at 02/04/2013 10:06:52
Content-Type: multipart/alternative; boundary="=_alternative 0053062885257B08_="
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 13020415-7182-0000-0000-000004EA9A6B
Cc: IETF oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-richer-oauth-introspection-01 scope syntax
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Feb 2013 15:07:02 -0000
Has there been any thinking or movement as to whether the scopes syntax stands as is, or aligns with 6749? Of the folks who chose to respond, it seemed like the position was split. From: Justin Richer <jricher@mitre.org> To: Todd W Lainhart/Lexington/IBM@IBMUS, Cc: IETF oauth WG <oauth@ietf.org> Date: 01/30/2013 05:34 PM Subject: Re: [OAUTH-WG] draft-richer-oauth-introspection-01 scope syntax I should add that this is also a bit of an artifact of our implementation. Internally, we parse and store scopes as collections of discrete strings and process them that way. So serialization of that value naturally fell to a JSON list. -- Justin On 01/30/2013 05:29 PM, Justin Richer wrote: It's not meant to follow the same syntax. Instead, it's making use of the JSON object structure to avoid additional parsing of the values on the client side. We could fairly easily define it as the same space-delimited string if enough people want to keep the scope format consistent. -- Justin On 01/30/2013 05:27 PM, Todd W Lainhart wrote: That the scope syntax in draft-richer-oauth-introspection-01 is different than RFC 6749 Section 3.3, as in: "scope": ["read", "write", "dolphin"], vs. scope = scope-token *( SP scope-token ) scope-token = 1*( %x21 / %x23-5B / %x5D-7E ) Should introspection-01 follow the 6749 syntax for scopes? _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] draft-richer-oauth-introspection-01 sc… Todd W Lainhart
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Justin Richer
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Mike Jones
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Justin Richer
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Craig McClanahan
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Mike Jones
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Donald F Coffin
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Sergey Beryozkin
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Todd W Lainhart
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Todd W Lainhart
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Richer, Justin P.
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Donald F Coffin
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Todd W Lainhart