Re: [OAUTH-WG] SHOULD vs MUST for indicating scope on response when different from client request
Torsten Lodderstedt <torsten@lodderstedt.net> Fri, 20 January 2012 23:22 UTC
From: Torsten Lodderstedt <torsten@lodderstedt.net>
Date: Sat, 21 Jan 2012 00:20:16 +0100
To: Eran Hammer <eran@hueniverse.com>, OAuth WG <oauth@ietf.org>
Message-ID: <b813efbc-5144-4ebb-9211-cb0f39f9da13@email.android.com>

MUST sounds reasonable

Eran Hammer <eran@hueniverse.com> wrote:

> The current text:
>
> If the issued access token scope is different from the one requested by the client, the authorization server SHOULD include the "scope" response parameter to inform the client of the actual scope granted.
>
> Stephen asked why not a MUST. I think it should be MUST. Any disagreement?
>
> EHL
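
The client side of the rule quoted above, as an added example that is not part of the original message: it compares the "scope" response parameter with the requested scope and reports what was dropped or added. The function names and sample token responses are constructed for illustration, and the code assumes a server that always sends "scope" when the grant differs (the MUST reading).

```python
import json


def parse_scope(value):
    """Scope is a space-delimited list of case-sensitive strings; order is irrelevant."""
    return frozenset(value.split())


def effective_scope(requested, token_response):
    """Return (granted, missing, extra) for a parsed token response.

    Assumption: the server follows the MUST wording, so an absent "scope"
    parameter means the granted scope equals the requested scope. Under
    SHOULD, a silent response does not carry that guarantee.
    """
    requested_set = parse_scope(requested)
    raw = token_response.get("scope")
    if raw is None:
        granted = requested_set
    elif isinstance(raw, str):
        granted = parse_scope(raw)
    else:
        raise ValueError("scope response parameter must be a string")
    missing = requested_set - granted   # asked for, not granted
    extra = granted - requested_set     # granted, never asked for
    return granted, missing, extra


# Constructed sample token responses (token values are placeholders).
NARROWED = json.loads(
    '{"access_token": "example-token-1", "token_type": "bearer", "scope": "read"}'
)
SILENT = json.loads('{"access_token": "example-token-2", "token_type": "bearer"}')
REORDERED = json.loads(
    '{"access_token": "example-token-3", "token_type": "bearer", "scope": "write read"}'
)

if __name__ == "__main__":
    for name, resp in (("narrowed", NARROWED), ("silent", SILENT), ("reordered", REORDERED)):
        granted, missing, extra = effective_scope("read write", resp)
        print(name, sorted(granted), "missing:", sorted(missing), "extra:", sorted(extra))
```

A client that sees a non-empty `missing` set can disable the affected features up front instead of discovering the narrower grant through failed resource requests.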