Re: [OAUTH-WG] SHOULD vs MUST for indicating scope on response when different from client request
Justin Richer <jricher@mitre.org> Mon, 23 January 2012 16:28 UTC
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F17EB21F86EB for <oauth@ietfa.amsl.com>; Mon, 23 Jan 2012 08:28:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Level:
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H3YO8yKt83j7 for <oauth@ietfa.amsl.com>; Mon, 23 Jan 2012 08:28:37 -0800 (PST)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id EA3E421F86E8 for <oauth@ietf.org>; Mon, 23 Jan 2012 08:28:36 -0800 (PST)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id BE8CE21B13D8; Mon, 23 Jan 2012 11:28:33 -0500 (EST)
Received: from IMCCAS04.MITRE.ORG (imccas04.mitre.org [129.83.29.81]) by smtpksrv1.mitre.org (Postfix) with ESMTP id B00F421B13D2; Mon, 23 Jan 2012 11:28:33 -0500 (EST)
Received: from [129.83.50.12] (129.83.31.51) by IMCCAS04.MITRE.ORG (129.83.29.81) with Microsoft SMTP Server (TLS) id 14.1.339.1; Mon, 23 Jan 2012 11:28:33 -0500
Message-ID: <4F1D8A73.2050305@mitre.org>
Date: Mon, 23 Jan 2012 11:27:31 -0500
From: Justin Richer <jricher@mitre.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:9.0) Gecko/20111229 Thunderbird/9.0
MIME-Version: 1.0
To: Eran Hammer <eran@hueniverse.com>
References: <90C41DD21FB7C64BB94121FBBC2E723453AAB96537@P3PW5EX1MB01.EX1.SECURESERVER.NET>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E723453AAB96537@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Content-Type: multipart/alternative; boundary="------------000300040602090505010506"
X-Originating-IP: [129.83.31.51]
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] SHOULD vs MUST for indicating scope on response when different from client request
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jan 2012 16:28:38 -0000
+1, sounds reasonable to me and I don't see why not. Also, it fits with current implementations that I'm familiar with. -- Justin On 01/20/2012 06:19 PM, Eran Hammer wrote: > > The current text: > > If the issued access token scope > > is different from the one requested by the client, the authorization > > server SHOULD include the "scope" response parameter to inform the > > client of the actual scope granted. > > Stephen asked why not a MUST. I think it should be MUST. Any disagreement? > > EHL > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- Re: [OAUTH-WG] SHOULD vs MUST for indicating scop… Igor Faynberg
- [OAUTH-WG] SHOULD vs MUST for indicating scope on… Eran Hammer
- Re: [OAUTH-WG] SHOULD vs MUST for indicating scop… Torsten Lodderstedt
- Re: [OAUTH-WG] SHOULD vs MUST for indicating scop… Dick Hardt
- Re: [OAUTH-WG] SHOULD vs MUST for indicating scop… John Bradley
- Re: [OAUTH-WG] SHOULD vs MUST for indicating scop… Justin Richer