Re: [OAUTH-WG] Proposed resolution for issue 26
Justin Richer <jricher@mitre.org> Wed, 05 October 2011 12:45 UTC
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7A7521F8D35 for <oauth@ietfa.amsl.com>; Wed, 5 Oct 2011 05:45:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.581
X-Spam-Level:
X-Spam-Status: No, score=-6.581 tagged_above=-999 required=5 tests=[AWL=0.018, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bp1xA6O2FSRP for <oauth@ietfa.amsl.com>; Wed, 5 Oct 2011 05:45:17 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id 1538B21F8D31 for <oauth@ietf.org>; Wed, 5 Oct 2011 05:45:17 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id A0AED21B10DC; Wed, 5 Oct 2011 08:48:24 -0400 (EDT)
Received: from IMCCAS04.MITRE.ORG (imccas04.mitre.org [129.83.29.81]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 9B89D21B0B03; Wed, 5 Oct 2011 08:48:24 -0400 (EDT)
Received: from [129.83.50.1] (129.83.31.55) by IMCCAS04.MITRE.ORG (129.83.29.81) with Microsoft SMTP Server id 14.1.339.1; Wed, 5 Oct 2011 08:48:24 -0400
From: Justin Richer <jricher@mitre.org>
To: Mark Lentczner <mzero@google.com>
In-Reply-To: <CA+CHLQ5dFuUbFD2uQd0LjLrZHj++h+J58CxZk_WDF=_uYOK2Ng@mail.gmail.com>
References: <4E1F6AAD24975D4BA5B16804296739435C1FC6A1@TK5EX14MBXC285.redmond.corp.microsoft.com> <CAC4RtVDOPaMif55L6JAU4C8aERHgt6M0ntet7GKwgQJbUQKMZw@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739435C2148B5@TK5EX14MBXC285.redmond.corp.microsoft.com> <255B9BB34FB7D647A506DC292726F6E1128FF826E5@WSMSG3153V.srv.dir.telstra.com> <CAC4RtVAj7UG-7kgo3CU5Q6eeJFXi2VciQHUoGL5WJ8iq5cmykg@mail.gmail.com> <CAGdjJpKTAAFq_YGXWOdhT7+Sxyaay5gbjx_ktha8Z6EYaxvtYA@mail.gmail.com> <CA+k3eCSiowbODXVis-HTZ+hTvwsA-b_XjLtKiL2Gy36hH_=z5w@mail.gmail.com> <CA+CHLQ5dFuUbFD2uQd0LjLrZHj++h+J58CxZk_WDF=_uYOK2Ng@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Date: Wed, 05 Oct 2011 08:46:50 -0400
Message-ID: <1317818810.13049.10.camel@ground>
MIME-Version: 1.0
X-Mailer: Evolution 2.32.2
Content-Transfer-Encoding: 7bit
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proposed resolution for issue 26
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2011 12:45:17 -0000
+1 I would also prefer to not restrict scope values but provide clear encoding for places where transport is going to be an issue. This is what we do with tokens, which show up in the same places. Am I missing the reason we can't use the exact same rules (modulo the single space character) that apply to tokens? -- Justin On Tue, 2011-10-04 at 19:52 -0400, Mark Lentczner wrote: > I think James has made the case that there is an issue clear. > > > As for what to pick, I favor not restricting scopes in the core spec, > and clearly specifying the way scopes will be presented in HTTP > headers in the bearer spec. > > > For the later, James supplies a nice list of the alternatives. > Personally, I think the URI-escaping is least likely to trip > developers up. One must be aware, though, that if there is only one > scope string to provide, and it meets the token production, then the > scope needn't be in quotes. > > > I believe RFC 5987 is vast over-kill in this case. We have no need to > enable multiple different encodings, nor multiple encodings with a > single header. Further, I wonder how widespread support for it is in > various HTTP frameworks. > > > - Mark > >
- [OAUTH-WG] Proposed resolution for issue 26 Mike Jones
- Re: [OAUTH-WG] Proposed resolution for issue 26 Barry Leiba
- Re: [OAUTH-WG] Proposed resolution for issue 26 Manger, James H
- Re: [OAUTH-WG] Proposed resolution for issue 26 Mike Jones
- Re: [OAUTH-WG] Proposed resolution for issue 26 Mike Jones
- Re: [OAUTH-WG] Proposed resolution for issue 26 Manger, James H
- Re: [OAUTH-WG] Proposed resolution for issue 26 Manger, James H
- Re: [OAUTH-WG] Proposed resolution for issue 26 Barry Leiba
- Re: [OAUTH-WG] Proposed resolution for issue 26 Julian Reschke
- Re: [OAUTH-WG] Proposed resolution for issue 26 Mike Jones
- Re: [OAUTH-WG] Proposed resolution for issue 26 Marius Scurtescu
- Re: [OAUTH-WG] Proposed resolution for issue 26 Brian Campbell
- Re: [OAUTH-WG] Proposed resolution for issue 26 Mark Lentczner
- Re: [OAUTH-WG] Proposed resolution for issue 26 Julian Reschke
- Re: [OAUTH-WG] Proposed resolution for issue 26 Justin Richer
- Re: [OAUTH-WG] Proposed resolution for issue 26 Julian Reschke