IETF Logo Mail Archive

Re: [OAUTH-WG] What to do about 'realm'

Pid <pid@pidster.com> Mon, 28 June 2010 07:43 UTC

Return-Path: <pid@pidster.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6EF223A67E3 for <oauth@core3.amsl.com>; Mon, 28 Jun 2010 00:43:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FScTzqhR8UVp for <oauth@core3.amsl.com>; Mon, 28 Jun 2010 00:43:24 -0700 (PDT)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by core3.amsl.com (Postfix) with ESMTP id 074AE3A67D9 for <oauth@ietf.org>; Mon, 28 Jun 2010 00:43:22 -0700 (PDT)
Received: by wye20 with SMTP id 20so3777454wye.31 for <oauth@ietf.org>; Mon, 28 Jun 2010 00:43:29 -0700 (PDT)
Received: by 10.216.185.10 with SMTP id t10mr7794960wem.32.1277711008277; Mon, 28 Jun 2010 00:43:28 -0700 (PDT)
Received: from Phoenix.local ([86.14.119.14]) by mx.google.com with ESMTPS id l2sm2240628wej.23.2010.06.28.00.43.26 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 28 Jun 2010 00:43:26 -0700 (PDT)
Message-ID: <4C285291.2060501@pidster.com>
Date: Mon, 28 Jun 2010 08:43:13 +0100
From: Pid <pid@pidster.com>
Organization: Pidster Inc
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-GB; rv:1.9.2.4) Gecko/20100608 Thunderbird/3.1
MIME-Version: 1.0
To: OAuth WG <oauth@ietf.org>
References: <90C41DD21FB7C64BB94121FBBC2E72343B3EC84ADE@P3PW5EX1MB01.EX1.SECURESERVER.NET> <269A7D01-CB98-46F3-9D17-C0AAA31041E4@gmail.com>
In-Reply-To: <269A7D01-CB98-46F3-9D17-C0AAA31041E4@gmail.com>
X-Enigmail-Version: 1.1.1
OpenPGP: id=62590808
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="------------enigBCAA1212E7CFD94CE6F762C6"
Subject: Re: [OAUTH-WG] What to do about 'realm'
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: pid@pidster.com
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Jun 2010 07:43:25 -0000

On 28/06/2010 06:37, Dick Hardt wrote:
> I vote for (3) unless a good (4) is suggested.

Ditto.


p

> On 2010-06-27, at 6:51 PM, Eran Hammer-Lahav wrote:
> 
>> Over the past year many people expressed concerns about the use of the
>> ‘realm’ WWW-Authenticate header parameter. The parameter is defined in
>> RFC 2617 as required, and is allowed to have scheme-specific structure.
>>  
>> We have a few options:
>>  
>> 1. Leave it as required under the definition of RFC 2617 (i.e. provide
>> no help, developers will need to ready 2617 and figure out what to do
>> with it).
>> 2. Update 2617 to remove the requirement – this is not going to be
>> easy or possible to predict success.
>> 3. Provide specific guidance as to what to do with the realm parameter.
>> 4. Something else.
>>  
>> Comments?
>>  
>> EHL
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org <mailto:OAuth@ietf.org>
>> https://www.ietf.org/mailman/listinfo/oauth
> 
> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

v2.39.1 | Report a Bug | By Email | System Status