Re: [OAUTH-WG] Open Issues: Group Survey (respond by 5/13)

Torsten Lodderstedt <torsten@lodderstedt.net> Tue, 11 May 2010 05:47 UTC


On 11.05.2010 01:43, Yaron Goland wrote:
>
>> ---
>>
>> 2. Client Authentication (in flows)
>>
>> How should the client authenticate when making token requests? The
>> current draft defines special request parameters for sending client
>> credentials. Some have argued that this is not the correct way, and that the
>> client should be using existing HTTP authentication schemes to accomplish
>> that such as Basic.
>>
>> A. Client authenticates by sending its credentials using special parameters
>> (current draft)
>> B. Client authenticated by using HTTP Basic (or other schemes
>> supported by the server such as Digest)
>>
>>      
> [Yaron Goland] A is needed at a minimum because there are physical limitations to how many bytes can go into an authorization header.
>    

As far as I know, 4KB is the minimum size for headers that must be
supported by user agents, which should suffice from my point of view.
Moreover, other HTTP authentication mechanisms need much more than 4KB.
For example, SPNEGO authentication headers can be up to 12392 bytes.

regards,
Torsten.
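
The two options under discussion, as an added example that is not part of the original message or of any OAuth draft: a token endpoint that accepts client credentials either in the request body (option A) or in an HTTP Basic header (option B), refuses a request that uses both, and caps the header length. The parameter names `client_id` and `client_secret`, the lower-level helper names, and the use of the 4KB figure as a server-side budget are assumptions.

```python
import base64
from urllib.parse import parse_qs

# Assumption: the 4KB figure from the message, applied here as a server-side cap.
MAX_AUTHZ_HEADER = 4096


class ClientAuthError(Exception):
    """Raised when client credentials are missing, malformed or ambiguous."""


def basic_header(client_id: str, client_secret: str) -> str:
    """Option B: build the HTTP Basic Authorization header value."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def extract_client_credentials(headers: dict, body: str) -> tuple:
    """Return (client_id, client_secret, method) for a token request.

    `headers` is assumed to use canonical header names as keys;
    `body` is the form-encoded request body.
    """
    authz = headers.get("Authorization")
    form = parse_qs(body, keep_blank_values=True)
    in_body = "client_secret" in form
    # Accepting both at once makes it unclear which credential was verified.
    if authz is not None and in_body:
        raise ClientAuthError("credentials sent by two methods")
    if authz is not None:
        if len(authz) > MAX_AUTHZ_HEADER:
            raise ClientAuthError("Authorization header over budget")
        scheme, _, token = authz.partition(" ")
        if scheme.lower() != "basic":
            raise ClientAuthError("unsupported scheme")
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
        except ValueError as exc:  # covers bad base64 and bad UTF-8
            raise ClientAuthError("malformed Basic credentials") from exc
        client_id, sep, secret = decoded.partition(":")
        if not sep:
            raise ClientAuthError("malformed Basic credentials")
        return client_id, secret, "basic"
    if in_body and "client_id" in form:
        # Option A: credentials as request parameters.
        return form["client_id"][0], form["client_secret"][0], "body"
    raise ClientAuthError("no client credentials")
```

Base64 expands the credentials by a factor of 4/3, so a Basic header only exceeds the cap when the combined identifier and secret approach 3KB.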
