IETF Logo Mail Archive

Re: [OAUTH-WG] Open Issues: Group Survey (respond by 5/13)

Marius Scurtescu <mscurtescu@google.com> Tue, 11 May 2010 21:05 UTC

Return-Path: <mscurtescu@google.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 84A983A6A00 for <oauth@core3.amsl.com>; Tue, 11 May 2010 14:05:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.538
X-Spam-Level:
X-Spam-Status: No, score=-104.538 tagged_above=-999 required=5 tests=[AWL=-1.161, BAYES_50=0.001, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4IoVS2DWYNtm for <oauth@core3.amsl.com>; Tue, 11 May 2010 14:05:27 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by core3.amsl.com (Postfix) with ESMTP id 118AC3A684C for <oauth@ietf.org>; Tue, 11 May 2010 14:05:25 -0700 (PDT)
Received: from wpaz33.hot.corp.google.com (wpaz33.hot.corp.google.com [172.24.198.97]) by smtp-out.google.com with ESMTP id o4BL56nr013291 for <oauth@ietf.org>; Tue, 11 May 2010 14:05:06 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1273611906; bh=PDF18d2SZJxz7eaZW4FWwhkyFV0=; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject: To:Cc:Content-Type:Content-Transfer-Encoding; b=xboSsxiWVECPJ63Vb9REu22BsWHdDOH9FAmeKuJ53i584+dSvMn0srwC2y/HYtVzd BLrkw+G4CQwQPWusmtJBg==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:in-reply-to:references:from:date:message-id: subject:to:cc:content-type:content-transfer-encoding:x-system-of-record; b=Wt+5y0L2AAsPcw7xJBQvECNmUKRyryD3+xULEh+eUHHJxpWCE8xBpToldqJUxR1Jk SX6MdsY58inZX+Ppiby9A==
Received: from pvg13 (pvg13.prod.google.com [10.241.210.141]) by wpaz33.hot.corp.google.com with ESMTP id o4BL54Fe019510 for <oauth@ietf.org>; Tue, 11 May 2010 14:05:05 -0700
Received: by pvg13 with SMTP id 13so718857pvg.35 for <oauth@ietf.org>; Tue, 11 May 2010 14:05:04 -0700 (PDT)
Received: by 10.141.88.1 with SMTP id q1mr4230469rvl.198.1273611904293; Tue, 11 May 2010 14:05:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.141.125.21 with HTTP; Tue, 11 May 2010 14:04:44 -0700 (PDT)
In-Reply-To: <AANLkTik1NKqjCuquccqCMWV2RDQdqcdHpKnRQtwc7L4v@mail.gmail.com>
References: <90C41DD21FB7C64BB94121FBBC2E72343B3AB46E1C@P3PW5EX1MB01.EX1.SECURESERVER.NET> <AANLkTik1NKqjCuquccqCMWV2RDQdqcdHpKnRQtwc7L4v@mail.gmail.com>
From: Marius Scurtescu <mscurtescu@google.com>
Date: Tue, 11 May 2010 14:04:44 -0700
Message-ID: <AANLkTikpcWye6D2FQoRgXkEzyiJL94TmsoXHolZhj6eV@mail.gmail.com>
To: Vivek Khurana <hiddenharmony@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-System-Of-Record: true
Cc: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Open Issues: Group Survey (respond by 5/13)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 May 2010 21:05:28 -0000

On Tue, May 11, 2010 at 3:33 AM, Vivek Khurana <hiddenharmony@gmail.com> wrote:
> On Mon, May 10, 2010 at 2:36 AM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
>> DEADLINE: 5/13
>>
>> I would like to publish one more draft before our interim meeting in two weeks (5/20). Below are two open issues we have on the list. Please reply with your preference (or additional solutions) to each item. Issues with consensus will be incorporated into the next draft. Those without will be discussed at the meeting.
>>
>> EHL
>>
>> ---
>>
>> 1. Server Response Format
>>
>> After extensive debate, we have a large group in favor of using JSON as the only response format (current draft). We also have a smaller group but with stronger feelings on the subject that JSON adds complexity with no obvious value.
>>
>> A. Form-encoded only (original draft)
>> B. JSON only (current draft)
>> C. JSON as default with form-encoded and XML available with an optional request parameter
>
>  Being someone who has been involved in development of general purpose
> libraries, I will either A or B, which means either full JSON RFC 4267
> compliance or Form-encoded only. Support of multiple format not only
> increases development and maintenance effort, it increases the size of
> library too. Since on the web, client might have to download the
> library, keeping library size small is very important. If the standard
> supports multiple formats, we might end up with libraries which will
> support either JSON or XML or Form-encoded, thus leading to confusion
> among developers.

For C, I don't think clients would be required to support both, only
servers must support both.

That being said, clients have to support A regardless (refresh token
request still require clients to use form-encoded for the request;
browser based requests require adding parameters to query string;
browser based responses require parsing the query string; the
User-Agent flow requires parsing query string from fragment). To me B
and C are the same when it comes to dependencies and complexity.

Marius

v2.23.0 | Report a Bug | By Email