Re: [OAUTH-WG] Issue: Scope parameter
Dick Hardt <dick.hardt@gmail.com> Mon, 19 April 2010 01:12 UTC
Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1211C3A6A4A for <oauth@core3.amsl.com>; Sun, 18 Apr 2010 18:12:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GUjPFCm7nECU for <oauth@core3.amsl.com>; Sun, 18 Apr 2010 18:12:40 -0700 (PDT)
Received: from mail-pv0-f172.google.com (mail-pv0-f172.google.com [74.125.83.172]) by core3.amsl.com (Postfix) with ESMTP id 9DBEE3A6A2F for <oauth@ietf.org>; Sun, 18 Apr 2010 18:12:40 -0700 (PDT)
Received: by pvf33 with SMTP id 33so2731421pvf.31 for <oauth@ietf.org>; Sun, 18 Apr 2010 18:12:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:received:message-id:subject:from:to:cc:content-type; bh=6fxt7KLeIiMrET12XLNjxdeiT1hY03u0skKKeVNJsoA=; b=ZhvxjG5MxqUNET95qcRFkcpMV2TP316kyWyRx/z0AMCJPihtuqit4xL0v7z+qEDvP1 GqWvR9thm+Kd4BZ8PfJ2jq6ZoGz3XT/mnBybLwjjCukabMkg2dUHRZHMeBwBA9JtayW3 Knx0u+jQqm5K4tki2Q9I6CuwMvb4QIHS6fVtY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=Uil7pxeyEtQULZosUFLYv9ESEjeiZuU1FDEp1PYVTmlTqIP1dRHoqHL/HZDj3demM3 pD9UWLDAUXpzH7R3NE/CluN7QcrAT3s4iphrEwkx8bId/pJM8ekUSyPUAyHWVNDHb+hy P1H7c08JBagvxdKXpwi2cmd/4YR+186omich8=
MIME-Version: 1.0
Received: by 10.142.58.3 with HTTP; Sun, 18 Apr 2010 18:12:29 -0700 (PDT)
In-Reply-To: <C7ECB1F7.32357%eran@hueniverse.com>
References: <C7ECB1F7.32357%eran@hueniverse.com>
Date: Sun, 18 Apr 2010 18:12:29 -0700
Received: by 10.142.249.2 with SMTP id w2mr1699326wfh.25.1271639549816; Sun, 18 Apr 2010 18:12:29 -0700 (PDT)
Message-ID: <h2l987bab591004181812ve43197f9la55f59b753bd2959@mail.gmail.com>
From: Dick Hardt <dick.hardt@gmail.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>
Content-Type: multipart/alternative; boundary="00504502ce95a62fa404848ca7b6"
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Issue: Scope parameter
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Apr 2010 01:12:42 -0000
The scope parameter was included in WRAP at the request of library and AS implementors to standardize a commonly included parameters. The client_id parameter seems similar to the scope parameter. The meaning of client_id is not defined in the spec and is AS specific. A client_id that a developer uses with one AS may be different at a different AS. The argument that defining the scope parameter will cause more confusion is confusing itself. Why would a developer think they can use the same scope at two different AS? The developer has to manage different client_ids, different endpoint URIs and different PRs: not to mention different APIs. Having a different scope between AS seems natural. Having a vendor defined parameter name for different AS that all mean scope seems suboptimal. A related example. Email has a subject parameter, we all have a similar idea what it means, and it can be used differently in different situations, but it was useful to create the placeholder for the optional subject of an email message. Proposal: put optional scope parameter back into all calls to obtain an access token. Put optional scope parameter into calls to refresh an access token. -- Dick On Thu, Apr 15, 2010 at 12:07 PM, Eran Hammer-Lahav <eran@hueniverse.com>wrote: > WRAP includes a loosely defined scope parameter which allows for > vendor-specific (and non-interoperable) use cases. This was requested by > many working group members to be included in OAuth 2.0 with the argument > that while it doesn't help interop, it makes using clients easier. > > The problem with a general purpose scope parameter that is completely > undefined in structure is that it hurts interop more than it helps. It > creates an expectation that values can be used across services, and it > cannot be used without another spec defining its content and structure. > Such > as spec can simply define its own parameter. > > In addition, it is not clear what belongs in scope (list of resources, > access type, duration of access, right to share data, rights to > re-delegate). > > The rules should be that if a parameter cannot be used without another > documentation, it should be defined in that other document. > > Proposal: Request proposals for a scope parameter definition that improve > interop. Otherwise, keep the parameter out of the core spec. > > EHL > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
- [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Marius Scurtescu
- Re: [OAUTH-WG] Issue: Scope parameter David Recordon
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Marius Scurtescu
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter David Recordon
- Re: [OAUTH-WG] Issue: Scope parameter Justin Smith
- Re: [OAUTH-WG] Issue: Scope parameter Manger, James H
- Re: [OAUTH-WG] Issue: Scope parameter Justin Smith
- Re: [OAUTH-WG] Issue: Scope parameter Manger, James H
- Re: [OAUTH-WG] Issue: Scope parameter Justin Smith
- Re: [OAUTH-WG] Issue: Scope parameter Marius Scurtescu
- Re: [OAUTH-WG] Issue: Scope parameter Manger, James H
- Re: [OAUTH-WG] Issue: Scope parameter Mark Mcgloin
- Re: [OAUTH-WG] Issue: Scope parameter Manger, James H
- Re: [OAUTH-WG] Issue: Scope parameter Justin Smith
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Torsten Lodderstedt
- Re: [OAUTH-WG] Issue: Scope parameter Dick Hardt
- Re: [OAUTH-WG] Issue: Scope parameter Manger, James H
- Re: [OAUTH-WG] Issue: Scope parameter Torsten Lodderstedt
- Re: [OAUTH-WG] Issue: Scope parameter David Recordon
- Re: [OAUTH-WG] Issue: Scope parameter Dick Hardt
- Re: [OAUTH-WG] Issue: Scope parameter David Recordon
- Re: [OAUTH-WG] Issue: Scope parameter Marius Scurtescu
- Re: [OAUTH-WG] Issue: Scope parameter Luke Shepard
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Dick Hardt
- Re: [OAUTH-WG] Issue: Scope parameter Dick Hardt
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Anthony Nadalin
- Re: [OAUTH-WG] Issue: Scope parameter Torsten Lodderstedt
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Evan Gilbert
- Re: [OAUTH-WG] Issue: Scope parameter Justin Richer
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav