Re: [OAUTH-WG] Draft 20 last call comments

"Lodderstedt, Torsten" <t.lodderstedt@telekom.de> Thu, 18 August 2011 07:23 UTC

From: "Lodderstedt, Torsten" <t.lodderstedt@telekom.de>
To: Eran Hammer-Lahav <eran@hueniverse.com>, Justin Richer <jricher@mitre.org>, "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Date: Thu, 18 Aug 2011 09:24:25 +0200
Cc: "Anganes, Amanda L" <aanganes@mitre.org>

>> 1.3/1.4/1.5: Consider switching order to Authorization Grant, Access Token,
>> Refresh Token

>Not sure. What do others think? I put access token first because it is a more important term to get out of the way.

I would rather consider changing the order to Access Token, Refresh Token, Authorization Grant, since the first two are the core OAuth concepts developers must become familiar with. Authorization grants are "just" a means to an end to get the token for certain client types. Moreover, I expect the number of authorization grants to increase over time.

>> 2.3: Should "... cannot be used alone" be made into a normative, as "...
>> MUST NOT be used alone"?

>I'm ok with that. Anyone else?

+1

regards,
Torsten.