[OAUTH-WG] Open Issues: Group Survey (respond by 5/13)

Eran Hammer-Lahav <eran@hueniverse.com> Sun, 09 May 2010 21:06 UTC

From: Eran Hammer-Lahav <eran@hueniverse.com>
To: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Date: Sun, 09 May 2010 14:06:43 -0700

DEADLINE: 5/13

I would like to publish one more draft before our interim meeting in two weeks (5/20). Below are two open issues we have on the list. Please reply with your preference (or additional solutions) to each item. Issues with consensus will be incorporated into the next draft. Those without will be discussed at the meeting.

EHL

---

1. Server Response Format

After extensive debate, we have a large group in favor of using JSON as the only response format (current draft). We also have a smaller group but with stronger feelings on the subject that JSON adds complexity with no obvious value.

A. Form-encoded only (original draft)
B. JSON only (current draft)
C. JSON as default with form-encoded and XML available with an optional request parameter

---

2. Client Authentication (in flows)

How should the client authenticate when making token requests? The current draft defines special request parameters for sending client credentials. Some have argued that this is not the correct way, and that the client should be using existing HTTP authentication schemes to accomplish that such as Basic.

A. Client authenticates by sending its credentials using special parameters (current draft)
B. Client authenticates by using HTTP Basic (or other schemes supported by the server such as Digest)
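
The two options in issue 2 as a token endpoint would see them, in an added example that is not part of the original message or of any draft. The parameter names `client_id` and `client_secret`, the function name and the sample requests are assumptions made for illustration; the message does not name the parameters.

```python
import base64
from urllib.parse import parse_qs

# Constructed sample requests; client id and secret are made up.
BODY_A = "code=SAMPLE&client_id=demo-client&client_secret=demo-secret"
BODY_B = "code=SAMPLE"
HDR_B = {"Authorization": "Basic "
         + base64.b64encode(b"demo-client:demo-secret").decode()}


def client_credentials(headers, body):
    """Return (client_id, client_secret, method) for a token request.

    headers: dict with canonical header names; body: form-encoded string.
    Raises ValueError if credentials are missing, malformed or ambiguous.
    """
    form = parse_qs(body, keep_blank_values=True)
    # Option A: credentials sent as request parameters (names assumed).
    in_body = "client_id" in form and "client_secret" in form
    # Option B: HTTP Basic, i.e. "Authorization: Basic base64(id:secret)".
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    in_header = scheme.lower() == "basic"

    # Accepting both at once lets two parsers disagree about who the client is.
    if in_body and in_header:
        raise ValueError("credentials sent both as parameters and as Basic")
    if in_header:
        try:
            decoded = base64.b64decode(value.strip(), validate=True).decode("utf-8")
        except ValueError as exc:  # also covers binascii.Error, UnicodeDecodeError
            raise ValueError("malformed Basic credentials") from exc
        client_id, sep, secret = decoded.partition(":")  # secret may contain ':'
        if not sep or not client_id:
            raise ValueError("malformed Basic credentials")
        return client_id, secret, "basic"
    if in_body:
        # A repeated parameter is ambiguous, so reject it instead of picking one.
        if len(form["client_id"]) != 1 or len(form["client_secret"]) != 1:
            raise ValueError("repeated credential parameter")
        return form["client_id"][0], form["client_secret"][0], "params"
    raise ValueError("no client credentials")
```

With option A the secret travels in the request body next to the other parameters, so anything that records request parameters also records it; with option B it sits in a single header.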