IETF Logo Mail Archive

Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-08.txt WGLC comments

William Mills <wmills@yahoo-inc.com> Wed, 12 October 2011 19:56 UTC

Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FD3A21F8B04 for <oauth@ietfa.amsl.com>; Wed, 12 Oct 2011 12:56:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -16.298
X-Spam-Level:
X-Spam-Status: No, score=-16.298 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OaFtyhYMcz6X for <oauth@ietfa.amsl.com>; Wed, 12 Oct 2011 12:56:25 -0700 (PDT)
Received: from nm30-vm3.bullet.mail.ne1.yahoo.com (nm30-vm3.bullet.mail.ne1.yahoo.com [98.138.91.160]) by ietfa.amsl.com (Postfix) with SMTP id 6B51F21F86EE for <oauth@ietf.org>; Wed, 12 Oct 2011 12:56:25 -0700 (PDT)
Received: from [98.138.90.53] by nm30.bullet.mail.ne1.yahoo.com with NNFMP; 12 Oct 2011 19:56:22 -0000
Received: from [98.138.89.170] by tm6.bullet.mail.ne1.yahoo.com with NNFMP; 12 Oct 2011 19:56:22 -0000
Received: from [127.0.0.1] by omp1026.mail.ne1.yahoo.com with NNFMP; 12 Oct 2011 19:56:22 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 160528.24980.bm@omp1026.mail.ne1.yahoo.com
Received: (qmail 89580 invoked by uid 60001); 12 Oct 2011 19:56:21 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1318449381; bh=B0wBt7XwN/EORz7OzxDc1RGHq5h8S0snji1e0ILqy+o=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=DYbpvknAzoej2W+RxDUrL4l/ZaMi8LbwLh6jgcK4hIuh8ztqDbfJSZvxb2BlkuuEi3+kzkpIT1cL2uhbOZZUUU/UrqN+cDRz5CHPCjgYzNpNleDX4uLOQmA39unB4LwSBsnWuF+CZFJLdOGVUDiLjdox4qxJu4b2gPXHlL+IkCs=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=ftOOyEaby0CPTC0d1IRv0x4EAvG5ulM8rsTaDsWzH4+uwjvh1eYzleQ8g+3PdYVUyrwFx0bIEj8VfnpVjMkSHEMgybhsoOZzwfS1Emjn49YEaAan7QDbp12NC48VtnmCC2zxclUUXE6cK4YohWchg43rB50M+ykbvIfh+iJ83kM=;
X-YMail-OSG: OgqgehYVM1kpqTIvXag9q8PPNlVXXcWa05.OamR64PkcDMZ O6j8ZYEq0RCl7TrgzAJGdLxv7c4epRqz_7Yq_xUEcwFbZBxSuu0IdZBOMPVJ gO28ZaoK0kX4tm6h7zSt8e_AzOj54pvpqoV5.yQMVBN2PNELgOg9zYRgPERI 2Q8Rd_nuka6pSOVmQt_D3WqC8ZmEeLhpc7NtyFxLnCKpvRZ.sZtAia125tpi sY0B1Z7CDg_F3NdEpqXLbe7VrirryfIh9b6YMYT8YJe_su7uw2WxrT.x5BP9 EXFcI5.GKQNSLr47ubM2NsZ39a4L6xv7.5LJ0pjNr9fhVn0Mx6VBlEyiWEdR ayA5aw6sP_TD5YpDFS7f0lEHJ932cs5WB_59Red46oXcMSj.5xf9Ym5wwClx 5W5oJmJRDsukYyzuF8C3M00VEkwq1.Y4A
Received: from [209.131.62.115] by web31812.mail.mud.yahoo.com via HTTP; Wed, 12 Oct 2011 12:56:21 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.115.325013
References: <20110727131700.23436.11568.idtracker@ietfa.amsl.com> <4E1F6AAD24975D4BA5B16804296739434986822D@TK5EX14MBXC202.redmond.corp.microsoft.com> <CAC4RtVBx-WrxbXE-DxvEp3EsE3q6oEcrv9XWxteB11AjPMK3Hg@mail.gmail.com> <255B9BB34FB7D647A506DC292726F6E11289635128@WSMSG3153V.srv.dir.telstra.com> <1314767698.36186.YahooMailNeo@web31808.mail.mud.yahoo.com> <255B9BB34FB7D647A506DC292726F6E1128DB1DE6E@WSMSG3153V.srv.dir.telstra.com> <1318350042.89721.YahooMailNeo@web31810.mail.mud.yahoo.com> <255B9BB34FB7D647A506DC292726F6E1129072392A@WSMSG3153V.srv.dir.telstra.com> <4E955C01.40603@gmx.de> <4E1F6AAD24975D4BA5B16804296739435C238C90@TK5EX14MBXC284.redmond.corp.microsoft.com> <4E95A987.1000203@gmx.de> <4E1F6AAD24975D4BA5B16804296739435C239299@TK5EX14MBXC284.redmond.corp.microsoft.com> <4E95DB3B.2040802@gmx.de> <4E1F6AAD24975D4BA5B16804296739435C23936C@TK5EX14MBXC284.redmond.corp.microsoft.com> <4E95DDE6.3080502@gmx.de> <4E1F6AAD24975D4BA5B16804296739435C239402@TK5EX14MBXC284.redmond. corp.microsoft.com>
Message-ID: <1318449381.27454.YahooMailNeo@web31812.mail.mud.yahoo.com>
Date: Wed, 12 Oct 2011 12:56:21 -0700
From: William Mills <wmills@yahoo-inc.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Julian Reschke <julian.reschke@gmx.de>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739435C239402@TK5EX14MBXC284.redmond.corp.microsoft.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-535856729-1318449381=:27454"
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-08.txt WGLC comments
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Oct 2011 19:56:26 -0000

I have suggested before, and I will reiterate that we should define explicitly how to transport the token in an extensible way if extensions are desired.  I think we shoudl allow both of:

    Bearer b64token

and 


    Bearer token=<quoted string>


The first ensures compatibility with extant implementation, and the second provides definition for the basics where people want to extend it.

-bill



________________________________
From: Mike Jones <Michael.Jones@microsoft.com>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Sent: Wednesday, October 12, 2011 11:39 AM
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-08.txt WGLC comments

One possible syntax is:

Bearer access_token=xyz_-123,more_info=pdq

Ultimately though, the format of the bearer token is outside of the scope of the spec, and up to the participants to determine, including whether to use b64token syntax or params syntax.

                -- Mike

-----Original Message-----
From: Julian Reschke [mailto:julian.reschke@gmx.de] 
Sent: Wednesday, October 12, 2011 11:35 AM
To: Mike Jones
Cc: Manger, James H; oauth@ietf.org
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-08.txt WGLC comments

On 2011-10-12 20:26, Mike Jones wrote:
> Because b64token is existing practice
> ...

<include-disclaimer-about-maturity-of-internet-drafts/>

Anyway, how do you then send credentials that include the bearer token plus additional parameters? Example, please.

Best regards, Julian

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email