Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions

William Mills <wmills@yahoo-inc.com> Wed, 19 October 2011 18:52 UTC

Date: Wed, 19 Oct 2011 11:52:24 -0700
From: William Mills <wmills@yahoo-inc.com>
To: Marius Scurtescu <mscurtescu@google.com>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions

I'm not saying we should not make URIs valid scopes.  I'm saying that I think it's confusing and unnecessary to state that scopes are URIs.  I'd be much happier if we say "The definition of scope allows URIs to be used if needed." or some such.



________________________________
From: Marius Scurtescu <mscurtescu@google.com>
To: William Mills <wmills@yahoo-inc.com>
Cc: Julian Reschke <julian.reschke@gmx.de>; OAuth WG <oauth@ietf.org>
Sent: Wednesday, October 19, 2011 11:23 AM
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions

On Wed, Oct 19, 2011 at 11:15 AM, William Mills <wmills@yahoo-inc.com> wrote:
>> Is this covering all characters allowed in a URI? Why
>> not define scopes as a list of URIs?
> I'd rather not do this because people will presume unless we add even more
> text to explain it that they need to have the form scheme://host/path or
> some such.

Which is not necessarily a bad thing. It allows systems to scale and
interoperate.

> It's an opportunity to bloat scopes far out of proportion to
> what is actually needed.
>
> ________________________________
> From: Marius Scurtescu <mscurtescu@google.com>
> To: Julian Reschke <julian.reschke@gmx.de>
> Cc: OAuth WG <oauth@ietf.org>
> Sent: Wednesday, October 19, 2011 10:23 AM
> Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues &
> Proposed Resolutions
>
> Marius
>
>
>
> On Tue, Oct 18, 2011 at 9:39 AM, Julian Reschke <julian.reschke@gmx.de>
> wrote:
>> On 2011-10-18 17:38, Eran Hammer-Lahav wrote:
>>>
>>> Space is allowed inside a quoted string and is already not allowed inside
>>> each scope string.
>>>
>>> EHL
>>> ...
>>
>> a) yes.
>>
>> b) well:
>>
>>   The value of the scope parameter is expressed as a list of space-
>>   delimited, case sensitive strings.  The strings are defined by the
>>   authorization server.  If the value contains multiple space-delimited
>>   strings, their order does not matter, and each string adds an
>>   additional access range to the requested scope.
>>
>> That certainly implies that you can't have a space inside a token, but it
>> could be clearer.
>>
>> Optimally, state the character repertoire precisely:
>>
>>  scopetokenchar =  %x21 / %x23-5B / %x5D-7E
>>  ; HTTPbis P1 qdtext except whitespace, restricted to US-ASCII
>>
>> ?
>
> Is this covering all characters allowed in a URI? Why not define
> scopes as a list of URIs?
>
>>
>> Best regards, Julian
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>
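
An added example, not part of the thread or of any draft: a Python check of the scopetokenchar repertoire proposed above against the characters RFC 3986 permits in a URI, together with a strict parser for a space-delimited scope value. The function names are hypothetical, and rejecting empty tokens (leading, trailing or doubled spaces) is an assumption of this sketch rather than something the quoted text states.

```python
import string

# Proposed repertoire from the thread: %x21 / %x23-5B / %x5D-7E
# (printable US-ASCII except SP, DQUOTE and backslash).
SCOPE_TOKEN_CHARS = frozenset(
    chr(c) for c in (0x21, *range(0x23, 0x5C), *range(0x5D, 0x7F))
)

# Characters RFC 3986 permits in a URI: unreserved, gen-delims, sub-delims, "%".
URI_CHARS = frozenset(
    string.ascii_letters + string.digits + "-._~" + ":/?#[]@" + "!$&'()*+,;=" + "%"
)


def parse_scope(value):
    """Split a scope value on spaces and validate every token.

    Returns a frozenset because the quoted draft text says order does not
    matter. Raises ValueError on an empty token (assumption: strict
    single-space delimiting) or on a character outside the repertoire.
    """
    tokens = value.split(" ")
    for token in tokens:
        if not token:
            raise ValueError("empty scope token (leading, trailing or doubled space)")
        bad = sorted(set(token) - SCOPE_TOKEN_CHARS)
        if bad:
            raise ValueError(f"disallowed character(s) {bad!r} in scope token {token!r}")
    return frozenset(tokens)


def uri_chars_outside_repertoire():
    """URI characters that the proposed scopetokenchar would reject."""
    return URI_CHARS - SCOPE_TOKEN_CHARS


if __name__ == "__main__":
    # Constructed sample value mixing a short scope name and a URI-shaped one.
    print(sorted(parse_scope("read https://example.com/scope/mail?x=1")))
    print("URI characters rejected:", sorted(uri_chars_outside_repertoire()))
```

The only printable US-ASCII characters the repertoire excludes are DQUOTE and backslash, neither of which is a URI character, so URI-shaped scopes pass without the definition having to say that scopes are URIs.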