[OAUTH-WG] What to do about 'realm'

Eran Hammer-Lahav <eran@hueniverse.com> Mon, 28 June 2010 01:51 UTC

From: Eran Hammer-Lahav <eran@hueniverse.com>
To: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Date: Sun, 27 Jun 2010 18:51:46 -0700

Over the past year many people expressed concerns about the use of the 'realm' WWW-Authenticate header parameter. The parameter is defined in RFC 2617 as required, and is allowed to have scheme-specific structure.

We have a few options:

1. Leave it as required under the definition of RFC 2617 (i.e. provide no help, developers will need to read 2617 and figure out what to do with it).
2. Update 2617 to remove the requirement - this is not going to be easy or possible to predict success.
3. Provide specific guidance as to what to do with the realm parameter.
4. Something else.

Comments?

EHL