Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions

William Mills <wmills@yahoo-inc.com> Wed, 19 October 2011 18:15 UTC

To: Marius Scurtescu <mscurtescu@google.com>, Julian Reschke <julian.reschke@gmx.de>
Cc: OAuth WG <oauth@ietf.org>

> Is this covering all characters allowed in a URI? Why not define scopes as a list of URIs?

I'd rather not do this because people will presume, unless we add even more text to explain it, that they need to have the form scheme://host/path or some such. It's an opportunity to bloat scopes far out of proportion to what is actually needed.



________________________________
From: Marius Scurtescu <mscurtescu@google.com>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: OAuth WG <oauth@ietf.org>
Sent: Wednesday, October 19, 2011 10:23 AM
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions

Marius



On Tue, Oct 18, 2011 at 9:39 AM, Julian Reschke <julian.reschke@gmx.de> wrote:
> On 2011-10-18 17:38, Eran Hammer-Lahav wrote:
>>
>> Space is allowed inside a quoted string and is already not allowed inside
>> each scope string.
>>
>> EHL
>> ...
>
> a) yes.
>
> b) well:
>
>   The value of the scope parameter is expressed as a list of space-
>   delimited, case sensitive strings.  The strings are defined by the
>   authorization server.  If the value contains multiple space-delimited
>   strings, their order does not matter, and each string adds an
>   additional access range to the requested scope.
>
> That certainly implies that you can't have a space inside a token, but it
> could be clearer.
>
> Optimally, state the character repertoire precisely:
>
>  scopetokenchar =  %x21 / %x23-5B / %x5D-7E
>  ; HTTPbis P1 qdtext except whitespace, restricted to US-ASCII
>
> ?

Is this covering all characters allowed in a URI? Why not define
scopes as a list of URIs?

>
> Best regards, Julian
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
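The `scopetokenchar` repertoire proposed in the quoted message, written out as a validator and compared against the RFC 3986 URI character set. This is an added example, not code from the thread or the draft. The function names are hypothetical, and the strict single-space delimiter and the rejection of an empty scope value are assumptions.

```python
import re

# Proposed repertoire from the thread: %x21 / %x23-5B / %x5D-7E
# (printable US-ASCII without space, DQUOTE and backslash).
SCOPE_TOKEN = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")

# RFC 3986 characters: ALPHA / DIGIT, other unreserved, gen-delims,
# sub-delims, plus "%" for percent-encoding.
URI_CHARS = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
    "-._~" ":/?#[]@" "!$&'()*+,;=" "%"
)


def parse_scope(value):
    """Split a scope value on single spaces and validate each token.

    Returns a frozenset because the order of scope strings does not matter.
    Raises ValueError on an empty value, an empty token (doubled, leading
    or trailing space) or any character outside the repertoire.
    """
    if value == "":
        raise ValueError("empty scope value")
    tokens = value.split(" ")
    for tok in tokens:
        # fullmatch avoids the trailing-newline pitfall of "$" anchors
        if not SCOPE_TOKEN.fullmatch(tok):
            raise ValueError(f"invalid scope token: {tok!r}")
    return frozenset(tokens)


def uri_chars_outside_repertoire():
    """URI characters that the proposed repertoire would reject."""
    return sorted(c for c in URI_CHARS if not SCOPE_TOKEN.fullmatch(c))


def repertoire_only_chars():
    """Characters the repertoire allows that cannot appear raw in a URI."""
    return sorted(
        chr(c) for c in range(0x21, 0x7F)
        if SCOPE_TOKEN.fullmatch(chr(c)) and chr(c) not in URI_CHARS
    )


if __name__ == "__main__":
    print(sorted(parse_scope("https://example.com/scope/a?x=1 profile")))
    print(uri_chars_outside_repertoire(), repertoire_only_chars())
```

Every RFC 3986 character falls inside the repertoire, so URI-shaped scope strings validate without scopes being defined as URIs.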