From: Eran Hammer-Lahav <eran@hueniverse.com>
To: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Date: Sun, 27 Jun 2010 18:51:46 -0700
Message-ID: <90C41DD21FB7C64BB94121FBBC2E72343B3EC84ADE@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Subject: [OAUTH-WG] What to do about 'realm'
List-Id: OAUTH WG <oauth.ietf.org>

Over the past year many people expressed concerns about the use of the 'realm' WWW-Authenticate header parameter. The parameter is defined in RFC 2617 as required, and is allowed to have scheme-specific structure.

We have a few options:

1. Leave it as required under the definition of RFC 2617 (i.e. provide no help, developers will need to read 2617 and figure out what to do with it).
2. Update 2617 to remove the requirement - this is not going to be easy or possible to predict success.
3. Provide specific guidance as to what to do with the realm parameter.
4. Something else.

Comments?

EHL

