IETF Logo Mail Archive

Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-08.txt WGLC comments

David Waite <david@alkaline-solutions.com> Thu, 13 October 2011 01:49 UTC

Return-Path: <david@alkaline-solutions.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9784121F8B0D for <oauth@ietfa.amsl.com>; Wed, 12 Oct 2011 18:49:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LrKjFJFJ70Ci for <oauth@ietfa.amsl.com>; Wed, 12 Oct 2011 18:49:54 -0700 (PDT)
Received: from alkaline-solutions.com (lithium5.alkaline-solutions.com [173.255.196.46]) by ietfa.amsl.com (Postfix) with ESMTP id 24F8D21F8B0C for <oauth@ietf.org>; Wed, 12 Oct 2011 18:49:54 -0700 (PDT)
Received: from [192.168.3.4] (c-24-9-59-104.hsd1.co.comcast.net [24.9.59.104]) by alkaline-solutions.com (Postfix) with ESMTPSA id 7FEF531AE2; Thu, 13 Oct 2011 01:49:54 +0000 (UTC)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: multipart/signed; boundary="Apple-Mail=_6921EF5C-69DB-4E45-843A-C60119D3C353"; protocol="application/pkcs7-signature"; micalg="sha1"
From: David Waite <david@alkaline-solutions.com>
In-Reply-To: <CAGdjJp+RN0rbwHfdZf3B9aVLuogFTPvgVp6+PEWhhLXQes1M-w@mail.gmail.com>
Date: Wed, 12 Oct 2011 19:49:53 -0600
Message-Id: <E3E36774-0966-4619-BEEC-01FB13E01623@alkaline-solutions.com>
References: <20110727131700.23436.11568.idtracker@ietfa.amsl.com> <4E1F6AAD24975D4BA5B16804296739434986822D@TK5EX14MBXC202.redmond.corp.microsoft.com> <CAC4RtVBx-WrxbXE-DxvEp3EsE3q6oEcrv9XWxteB11AjPMK3Hg@mail.gmail.com> <255B9BB34FB7D647A506DC292726F6E11289635128@WSMSG3153V.srv.dir.telstra.com> <1314767698.36186.YahooMailNeo@web31808.mail.mud.yahoo.com> <255B9BB34FB7D647A506DC292726F6E1128DB1DE6E@WSMSG3153V.srv.dir.telstra.com> <1318350042.89721.YahooMailNeo@web31810.mail.mud.yahoo.com> <255B9BB34FB7D647A506DC292726F6E1129072392A@WSMSG3153V.srv.dir.telstra.com> <4E955C01.40603@gmx.de> <4E1F6AAD24975D4BA5B16804296739435C238C90@TK5EX14MBXC284.redmond.corp.microsoft.com> <4E95A987.1000203@gmx.de> <4E1F6AAD24975D4BA5B16804296739435C239299@TK5EX14MBXC284.redmond.corp.microsoft.com> <4E95DB3B.2040802@gmx.de> <4E1F6AAD24975D4BA5B16804296739435C23936C@TK5EX14MBXC284.redmond.corp.microsoft.com> <4E95DDE6.3080502@gmx.de> <4E1F6AAD24975D4BA5B16804296739435C239402@TK5EX14MBXC284.redmond. corp.microsoft.com> <255B9BB34FB7D647A506DC292726F6E112907A695F@WSMSG3153V.srv.dir.telstra.com> <CAGdjJp+RN0rbwHfdZf3B9aVLuogFTPvgVp6+PEWhhLXQes1M-w@mail.gmail.com>
To: OAuth WG <oauth@ietf.org>
X-Mailer: Apple Mail (2.1251.1)
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-08.txt WGLC comments
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2011 01:49:54 -0000

On Oct 12, 2011, at 7:37 PM, Marius Scurtescu wrote:
> While I much prefer what you suggest below (and it was suggested
> before), I think it is too late for that. It will force existing
> deployments to implement ambiguous parsing code.
> 
> Let's stick with "Bearer <b64token>". If this is the only option, do
> we have to limit the token chars to b64?

> 
> If more flexibility is needed then we can define a new scheme for that.
> 

I agree. The use of "Bearer" is enough to allow for future extension if needed, by using one of the many other character sequences allowed for the scheme.

-DW

v2.23.0 | Report a Bug | By Email