IETF Logo Mail Archive

Re: [OAUTH-WG] VOTE: Token type response parameter

Lukas Rosenstock <lr@lukasrosenstock.net> Mon, 22 November 2010 14:25 UTC

Return-Path: <lr@lukasrosenstock.net>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8D5DE3A6A98 for <oauth@core3.amsl.com>; Mon, 22 Nov 2010 06:25:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kIM+9wJGJwYg for <oauth@core3.amsl.com>; Mon, 22 Nov 2010 06:25:50 -0800 (PST)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by core3.amsl.com (Postfix) with ESMTP id 6965F3A6A8F for <oauth@ietf.org>; Mon, 22 Nov 2010 06:25:50 -0800 (PST)
Received: by wyb29 with SMTP id 29so7103782wyb.31 for <oauth@ietf.org>; Mon, 22 Nov 2010 06:26:45 -0800 (PST)
MIME-Version: 1.0
Received: by 10.216.174.204 with SMTP id x54mr588351wel.101.1290436000234; Mon, 22 Nov 2010 06:26:40 -0800 (PST)
Received: by 10.216.235.15 with HTTP; Mon, 22 Nov 2010 06:26:40 -0800 (PST)
X-Originating-IP: [91.34.39.242]
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E72343D470CC778@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <90C41DD21FB7C64BB94121FBBC2E72343D470CC778@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Date: Mon, 22 Nov 2010 15:26:40 +0100
Message-ID: <AANLkTi=S0hVRF8RVhza2R1t6VajpVQXXm1Gj4vvqcHQL@mail.gmail.com>
From: Lukas Rosenstock <lr@lukasrosenstock.net>
To: Eran Hammer-Lahav <eran@hueniverse.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] VOTE: Token type response parameter
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Nov 2010 14:25:51 -0000

I'm all for #3.

#1 will just restart the discussions about "OAuth preferring bearer"
so better drop it.
#2 and #4 are bad for interoperability and extensibility.

2010/11/17 Eran Hammer-Lahav <eran@hueniverse.com>:
> The new draft will include a new token_type response parameter. In my original proposal I suggested making this an optional response parameter with a default value of 'bearer' or 'plain' to keep existing -10 implementation compliant with -11.
>
> Options are:
>
> 1. Missing type response parameter means bearer token
> 2. Missing type response parameter means whatever the service default token type is
> 3. Servers must include an explicit token type with each response, where each token spec (bearer, signed, etc.) register their own type name
> 4. No token type. Type is determined by other attributes (such as secret and hash algorithm name).
>
> #1 and #3 are the most consistent with current design and best for interop. #1 requires no changes to -10 code, but leads to ugly spec organization (it links the bearer token spec with the framework spec).
>
> I'm strongly in favor of #3 as existing clients will ignore this and just assume bearer. Any server introducing a new token type will need to change clients anyway. Servers will need to be changed to add the new parameter but that's a trivial change (and -11 includes some normative changes already - all minor).
>
> So +1 on #3 for me.
>
> Please register your preference.
>
> EHL
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

v2.23.0 | Report a Bug | By Email