IETF Logo Mail Archive

Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic Registration

Justin Richer <jricher@mitre.org> Wed, 22 May 2013 18:20 UTC

Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F03D321F8F61 for <oauth@ietfa.amsl.com>; Wed, 22 May 2013 11:20:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.582
X-Spam-Level:
X-Spam-Status: No, score=-5.582 tagged_above=-999 required=5 tests=[AWL=-0.650, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, SARE_HTML_USL_OBFU=1.666]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uds9FaMxL6bN for <oauth@ietfa.amsl.com>; Wed, 22 May 2013 11:20:29 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id 07FA221F8F09 for <oauth@ietf.org>; Wed, 22 May 2013 11:20:28 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 0A2021F0558 for <oauth@ietf.org>; Wed, 22 May 2013 14:20:28 -0400 (EDT)
Received: from IMCCAS03.MITRE.ORG (imccas03.mitre.org [129.83.29.80]) by smtpksrv1.mitre.org (Postfix) with ESMTP id E6D261F0511 for <oauth@ietf.org>; Wed, 22 May 2013 14:20:27 -0400 (EDT)
Received: from [10.146.15.13] (129.83.31.56) by IMCCAS03.MITRE.ORG (129.83.29.80) with Microsoft SMTP Server (TLS) id 14.2.342.3; Wed, 22 May 2013 14:20:27 -0400
Message-ID: <519D0C4D.60002@mitre.org>
Date: Wed, 22 May 2013 14:19:57 -0400
From: Justin Richer <jricher@mitre.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130510 Thunderbird/17.0.6
MIME-Version: 1.0
To: "oauth@ietf.org" <oauth@ietf.org>
References: <MLQM-20130520122606192-37488@mlite.mitre.org>
In-Reply-To: <MLQM-20130520122606192-37488@mlite.mitre.org>
Content-Type: multipart/alternative; boundary="------------040307060206030802000200"
X-Originating-IP: [129.83.31.56]
Subject: Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic Registration
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 May 2013 18:20:41 -0000

Speaking as an implementor, I'm actually in favor of changing 
"expires_at" and "issued_at" to the values proposed below. It would 
require some minor code changes on my end, but the impact would be 
minimal, and I think that the new names are *much* more clear to new 
developers. I think it will save us a lot of questions and headaches 
going forward. I believe that changing it now will have minimal impact 
on any deployed and running code (there are no large-scale services that 
I am aware of), and it will make things clearer. So I vote for "B" for 
#1 and #2.

I believe "token_endpoint_auth_method" is sufficient as is, since the 
client is the only thing that authenticates to the token endpoint.


*[[ Note: As an editor, I don't believe it's really in my power to make 
that change unless there's support in the working group for making it. I 
**/really/**want more feedback from people, with explanation if you can. 
]]**
*
  -- Justin


On 05/20/2013 11:09 AM, Justin Richer wrote:
> Phil Hunt's review of the Dynamic Registration specification has 
> raised a couple of issues that I felt were getting buried by the 
> larger discussion (which I still strongly encourage others to jump in 
> to). Namely, Phil has suggested a couple of syntax changes to the 
> names of several parameters.
>
>
> 1) expires_at -> client_secret_expires_at
> 2) issued_at -> client_id_issued_at
> 3) token_endpoint_auth_method -> token_endpoint_client_auth_method
>
>
> I'd like to get a feeling, *especially from developers* who have 
> deployed this draft spec, what we ought to do for each of these:
>
>  A) Keep the parameter names as-is
>  B) Adopt the new names as above
>  C) Adopt a new name that I will specify
>
> In all cases, clarifying text will be added to the parameter 
> *definitions* so that it's more clear to people reading the spec what 
> each piece does. Speaking as the editor: "A" is the default as far as 
> I'm concerned, since we shouldn't change syntax without very good 
> reason to do so. That said, if it's going to be better for developers 
> with the new parameter names, I am open to fixing them now.
>
> Naming things is hard.
>
>  -- Justin
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email