Re: [OAUTH-WG] Open Issues: Group Survey (respond by 5/13)
Yaron Goland <yarong@microsoft.com> Thu, 13 May 2010 20:50 UTC
Return-Path: <yarong@microsoft.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 99D693A68EB for <oauth@core3.amsl.com>; Thu, 13 May 2010 13:50:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.666
X-Spam-Level:
X-Spam-Status: No, score=-8.666 tagged_above=-999 required=5 tests=[AWL=-0.667, BAYES_50=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lUMogKx1BRWn for <oauth@core3.amsl.com>; Thu, 13 May 2010 13:50:52 -0700 (PDT)
Received: from smtp.microsoft.com (mailc.microsoft.com [131.107.115.214]) by core3.amsl.com (Postfix) with ESMTP id 5F5523A68DE for <oauth@ietf.org>; Thu, 13 May 2010 13:50:52 -0700 (PDT)
Received: from TK5EX14CASC132.redmond.corp.microsoft.com (157.54.52.17) by TK5-EXGWY-E803.partners.extranet.microsoft.com (10.251.56.169) with Microsoft SMTP Server (TLS) id 8.2.176.0; Thu, 13 May 2010 13:50:41 -0700
Received: from TK5EX14MBXC117.redmond.corp.microsoft.com ([169.254.8.11]) by TK5EX14CASC132.redmond.corp.microsoft.com ([157.54.52.17]) with mapi; Thu, 13 May 2010 13:50:20 -0700
From: Yaron Goland <yarong@microsoft.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>, "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Thread-Topic: Open Issues: Group Survey (respond by 5/13)
Thread-Index: Acrvu4cfH3LKPgwRQV+7sW5YxUA1vAC/+jNgAAhGIwA=
Date: Thu, 13 May 2010 20:50:17 +0000
Message-ID: <7C01E631FF4B654FA1E783F1C0265F8C4A42BFCC@TK5EX14MBXC117.redmond.corp.microsoft.com>
References: <ADB082E11CEB5D49A3CC03E49DCECE02378CB8A679@P3PW5EX1MB01.EX1.SECURESERVER.NET> <90C41DD21FB7C64BB94121FBBC2E72343B3B698808@P3PW5EX1MB01.EX1.SECURESERVER.NET>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E72343B3B698808@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Open Issues: Group Survey (respond by 5/13)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 May 2010 20:50:53 -0000
I went through and counted all the votes I could find in the mail archive (I have reproduced the results below). 8 people explicitly stated a preference for A or B (of those 4 explicitly stated they don't want C). Only 3 people voted for C as their first choice. Even if we bunch together people who voted for C and people who could live with C (but picked another option as their first choice) that is still only 5 who expressed any level of preference for C versus 6 people who didn't pick C at all. Given these numbers I am at a loss to understand why you believe a consensus (weak or otherwise) exists for C. Could you please explain your reasoning? Thanks, Yaron Vivek Khurana - A or B but not C Yaron Goland - A then B but not C David Waite - A or B but doesn't like C Mike Moore - A (but not C) Dick Hardt - B James H Manger - B Torsten Lodderstedt - B but could live with C Joseph Smarr - B but could live with C Justin P. Richer - C Eran Hammer-Lahav - C David Recordon - C Mark Mcgloin - No preference > -----Original Message----- > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf > Of Eran Hammer-Lahav > Sent: Thursday, May 13, 2010 10:01 AM > To: OAuth WG (oauth@ietf.org) > Subject: Re: [OAUTH-WG] Open Issues: Group Survey (respond by 5/13) > > Thanks to those who participated! > > Some conclusions: > > > 1. Server Response Format > > > > After extensive debate, we have a large group in favor of using JSON > > as the only response format (current draft). We also have a smaller > > group but with stronger feelings on the subject that JSON adds > > complexity with no obvious value. > > > > A. Form-encoded only (original draft) > > B. JSON only (current draft) > > C. JSON as default with form-encoded and XML available with an > > optional request parameter > > It seems like we have weak consensus to go with C where the server must > support all three formats, and the client can use either one. This approach > addresses most of the concerns around client complexity / size. Only one > person strongly objected to C (without an explanation that can be > addressed). Summing up the results was hard because many people had no > strong preference between A and B but with each of the three options > received about a third of the votes. > > My guess is that if we held another vote asking if the spec should only > support form-encoded or all three - all three will get most of the votes (and > same if we made JSON the only option or all three). This is why C is really the > only way to move forward at this point. We can revisit this later if > implementation experience shows supporting all three in this manner is a > problem. > > I am going to add this to the specification as a point of reference for future > discussions. > > > 2. Client Authentication (in flows) > > > > How should the client authenticate when making token requests? The > > current draft defines special request parameters for sending client > > credentials. Some have argued that this is not the correct way, and > > that the client should be using existing HTTP authentication schemes > > to accomplish that such as Basic. > > > > A. Client authenticates by sending its credentials using special > > parameters (current draft) B. Client authenticated by using HTTP Basic > > (or other schemes supported by the server such as Digest) > > Weak consensus to support both request parameters and HTTP Basic > authentication (with other schemes as optional). I will add a new section to > the draft allowing replacing the parameters with an HTTP authentication > header. The flows text will remain the same. > > EHL > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… DeWitt Clinton
- [OAUTH-WG] Open Issues: Group Survey (respond by … Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… David Recordon
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Dick Hardt
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Manger, James H
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… David Waite
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Joseph Smarr
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Pid
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Mark Mcgloin
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Richer, Justin P.
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Dick Hardt
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Mike Moore
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Torsten Lodderstedt
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Pid
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Joseph Smarr
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Joseph Smarr
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Yaron Goland
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Robert Sayre
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Torsten Lodderstedt
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Pid
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Yutaka OIWA
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Yutaka OIWA
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Vivek Khurana
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Torsten Lodderstedt
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Marius Scurtescu
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Yaron Goland
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Yaron Goland
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Yaron Goland
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Robert Sayre
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Robert Sayre
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Greg Brail
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Torsten Lodderstedt
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Kris Selden
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Yaron Goland
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Marius Scurtescu
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Manger, James H
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Eran Hammer-Lahav
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Evan Gilbert
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Marius Scurtescu
- Re: [OAUTH-WG] Open Issues: Group Survey (respond… Manger, James H