[OAUTH-WG] SHOULD vs MUST for indicating scope on response when different from client request
Eran Hammer <eran@hueniverse.com> Fri, 20 January 2012 23:19 UTC
From: Eran Hammer <eran@hueniverse.com>
To: OAuth WG <oauth@ietf.org>
Date: Fri, 20 Jan 2012 16:19:12 -0700

The current text:

   If the issued access token scope is different from the one requested by the client, the authorization server SHOULD include the "scope" response parameter to inform the client of the actual scope granted.

Stephen asked why not a MUST. I think it should be MUST. Any disagreement?

EHL
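
What the quoted requirement means on the client side, as an added example that is not part of the original message or of the OAuth draft: a client can detect a reduced grant only when the server actually sends "scope", and otherwise has to assume it received what it asked for. The function names, sample responses and token values are constructed for illustration.

```python
import json


def parse_scope(value):
    """Split a space-delimited scope string into a set of scope tokens."""
    if value is None:
        return set()
    if not isinstance(value, str):
        raise ValueError("scope must be a space-delimited string")
    return set(value.split())


def effective_scope(requested, token_response_body):
    """Compare the scope a client requested with what the token response reports.

    If the response carries no "scope" member, the client's only option is to
    assume the requested scope was granted; "explicit" records which case applied.
    """
    body = json.loads(token_response_body)
    requested_set = parse_scope(requested)
    explicit = "scope" in body
    granted = parse_scope(body["scope"]) if explicit else set(requested_set)
    return {
        "granted": granted,
        "missing": requested_set - granted,   # asked for, not granted
        "extra": granted - requested_set,     # granted, never asked for
        "explicit": explicit,
    }


# Constructed sample token responses (not taken from the thread).
REDUCED = '{"access_token": "example-token-1", "token_type": "bearer", "scope": "read"}'
SILENT = '{"access_token": "example-token-2", "token_type": "bearer"}'

if __name__ == "__main__":
    for label, body in (("scope returned", REDUCED), ("scope omitted", SILENT)):
        result = effective_scope("read write", body)
        print(label, "->", sorted(result["granted"]),
              "missing:", sorted(result["missing"]),
              "explicit:", result["explicit"])
```

With the second response the client believes it holds "read write" whether or not the server narrowed the grant, and finds out only when a resource request is refused.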