Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions

[Hannes Tschofenig <hannes.tschofenig@gmx.net>]

Hi Mike, 

what values do we want to support? 

We know that from the base specification we want a list of space-delimited, case sensitive strings.

We don't want support for internationalized character-sets. 

Ciao
Hannes

On Oct 14, 2011, at 9:32 PM, Mike Jones wrote:

> The core spec says "The strings are defined by the authorization server" (see http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.3).  I don't see a reason to change that - especially this late in the game.  I am not introducing any standardized or reserved values.
> 
> My intent is not require or even suggest that scope values should be URIs.  My intent is to not preclude them from being so.
> 
> 				-- Mike
> 
> -----Original Message-----
> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net] 
> Sent: Friday, October 14, 2011 11:27 AM
> To: Mike Jones
> Cc: Hannes Tschofenig; OAuth WG
> Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions
> 
> Hi Mike, 
> 
> On Oct 14, 2011, at 6:42 PM, Mike Jones wrote:
> 
>> 2.  Scope - I was planning to allow a broader set of ASCII characters than the "token" set, as these characters are inadequate for the use of URIs/URLs as scope elements.  In particular, scope elements need to permit the full sets of "reserved" and "unreserved" characters in RFC 3986.  The draft I am working on will say that scope is a space separated set of elements, where the elements consist of one or more characters from the union of the "reserved" and "unreserved" sets.
> 
> Wouldn't it be more useful to say that you either want some plaintext values for the scope or URLs but not both?
> 
> Also, if you want to introduce "standardized" (or reserved values) then you have to 
> a) specify them now (with no ability to change them), or 
> b) prefix them.
> 
> Ciao
> Hannes
> 
>