Re: [OAUTH-WG] SHOULD vs MUST for indicating scope on response when different from client request

John Bradley <ve7jtb@ve7jtb.com> Sat, 21 January 2012 01:22 UTC


+1

On 2012-01-20, at 8:50 PM, Dick Hardt <dick.hardt@gmail.com> wrote:

> +1
> 
> On Jan 20, 2012, at 4:20 PM, Torsten Lodderstedt wrote:
> 
>> MUST sounds reasonable
>>
>> Eran Hammer <eran@hueniverse.com> wrote:
>> The current text:
>>  
>>    If the issued access token scope
>>    is different from the one requested by the client, the authorization
>>    server SHOULD include the "scope" response parameter to inform the
>>    client of the actual scope granted.
>>  
>> Stephen asked why not a MUST. I think it should be MUST. Any disagreement?
>>  
>> EHL
>>  
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
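
The client-side consequence of the wording discussed in this thread, as an added example that is not part of the thread or of the draft: when the server always returns "scope" on a change, an omitted parameter can be read as "granted exactly what was requested"; when it only SHOULD, omission tells the client nothing. The function names, the `server_obeys_must` flag and the sample token responses are assumptions constructed for illustration.

```python
import json

def parse_scope(value):
    # OAuth 2.0 scope is a space-delimited list of case-sensitive strings.
    return frozenset(value.split()) if value else frozenset()

def granted_scope(requested, token_response, server_obeys_must=True):
    """Return the scope the client can rely on, or None when it is unknowable.

    requested         -- scope string the client sent in its request
    token_response    -- decoded JSON body of the access token response
    server_obeys_must -- hypothetical flag: True if the server is known to
                         always send "scope" when it differs from the request
    """
    if "scope" in token_response:
        # The server stated the actual grant; never fall back to the request.
        return parse_scope(token_response["scope"])
    if server_obeys_must:
        # Omission is only meaningful under the MUST rule: grant == request.
        return parse_scope(requested)
    # Under SHOULD, a silently reduced grant looks identical to a full one.
    return None

def missing_scopes(needed, requested, token_response, server_obeys_must=True):
    """Sorted list of needed scopes not granted, or None if it cannot be known."""
    granted = granted_scope(requested, token_response, server_obeys_must)
    if granted is None:
        return None
    return sorted(parse_scope(needed) - granted)

# Constructed sample responses (not taken from any real server).
REDUCED = json.loads(
    '{"access_token": "constructed-token-1", "token_type": "bearer", "scope": "read"}'
)
SILENT = json.loads(
    '{"access_token": "constructed-token-2", "token_type": "bearer"}'
)

if __name__ == "__main__":
    asked = "read write"
    # Server reports the reduced grant: the client learns "write" is missing.
    print(missing_scopes("read write", asked, REDUCED))
    # Scope omitted, server follows MUST: nothing is missing.
    print(missing_scopes("read write", asked, SILENT, server_obeys_must=True))
    # Scope omitted, server only follows SHOULD: the client cannot tell.
    print(missing_scopes("read write", asked, SILENT, server_obeys_must=False))
```

A client that gets `None` here has to discover the real grant by calling the protected resource and handling the failure, which is the ambiguity the MUST wording removes.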