Re: [OAUTH-WG] Issue 15, new client registration

Justin Richer <jricher@mitre.org> Mon, 25 July 2011 16:11 UTC

Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85FAD11E80FA for <oauth@ietfa.amsl.com>; Mon, 25 Jul 2011 09:11:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.541
X-Spam-Level:
X-Spam-Status: No, score=-6.541 tagged_above=-999 required=5 tests=[AWL=0.058, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pk-VDqcO-ySW for <oauth@ietfa.amsl.com>; Mon, 25 Jul 2011 09:11:37 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id 1589E21F8C78 for <oauth@ietf.org>; Mon, 25 Jul 2011 07:40:46 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 6003C21B1058; Mon, 25 Jul 2011 10:40:45 -0400 (EDT)
Received: from imchub1.MITRE.ORG (imchub1.mitre.org [129.83.29.73]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 5834321B019E; Mon, 25 Jul 2011 10:40:45 -0400 (EDT)
Received: from [129.83.50.1] (129.83.50.1) by imchub1.MITRE.ORG (129.83.29.73) with Microsoft SMTP Server id 8.3.192.1; Mon, 25 Jul 2011 10:40:45 -0400
From: Justin Richer <jricher@mitre.org>
To: Eran Hammer-Lahav <eran@hueniverse.com>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E72345021F378B9@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <4E2740E9.5000209@lodderstedt.net> <4E274191.6020207@lodderstedt.net> <90C41DD21FB7C64BB94121FBBC2E72345021F377AA@P3PW5EX1MB01.EX1.SECURESERVER.NET> <90C41DD21FB7C64BB94121FBBC2E72345021F378B9@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Content-Type: text/plain; charset="UTF-8"
Date: Mon, 25 Jul 2011 10:40:31 -0400
Message-ID: <1311604831.24841.11.camel@ground>
MIME-Version: 1.0
X-Mailer: Evolution 2.32.2
Content-Transfer-Encoding: 7bit
Cc: OAuth WG <oauth@ietf.org>, "eran@sled.com" <eran@sled.com>
Subject: Re: [OAUTH-WG] Issue 15, new client registration
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jul 2011 16:11:38 -0000

I would avoid using the term "open" here as it has other deep-seated
meanings in the software world, particularly with regard to Open Source
and Open Standard stuff. FWIW, I think "confidential/public" or
"private/public" are serviceable.

 -- Justin

On Mon, 2011-07-25 at 02:45 -0400, Eran Hammer-Lahav wrote:
> How about confidential/open?
> 
> EHL
> 
> > -----Original Message-----
> > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> > Of Eran Hammer-Lahav
> > Sent: Friday, July 22, 2011 2:12 PM
> > To: Torsten Lodderstedt; OAuth WG
> > Subject: Re: [OAUTH-WG] Issue 15, new client registration
> > 
> > 
> > 
> > > -----Original Message-----
> > > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> > > Of Torsten Lodderstedt
> > > Sent: Wednesday, July 20, 2011 1:59 PM
> > > To: OAuth WG
> > > Subject: Re: [OAUTH-WG] Issue 15, new client registration
> > >
> > > 2.1 Client types
> > >
> > > I'm struggeling with the new terminology of "private" and "public"
> > > clients. In my perception, the text just distinguishes clients which
> > > can be authenticated and such which cannot. This is fine but I
> > > consider the wording misleading. I would suggest to change it to
> > > something like trusted/untrusted or authenticated/unauthenticated or
> > Verifiable/Forgeable.
> > 
> > I'm open to changing the names.
> > 
> > I don't like trusted/untrusted because OAuth does not define trust. The
> > authenticated/unauthenticated pair is also not ideal because the terms
> > describe the outcome, not the nature of the client. As for
> > verifiable/forgeable, I think these terms are too complicated for a casual
> > reader.
> > 
> > My intention with public/private is to identify the nature of the client
> > credentials. So a more verbose version would be 'public credentials/private
> > credentials'. This also works with 'code' instead of 'credentials'.
> > 
> > It's clear from the past year of discussions that we need terminology to
> > describe these two types.
> > 
> > Any other suggestions?
> > 
> > EHL
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth