Re: [OAUTH-WG] Possible alternative resolution to issue 26

William Mills <wmills@yahoo-inc.com> Wed, 05 October 2011 17:39 UTC


Are quotes a problem?  I think it's simpler if we leave them out.



________________________________
From: Eran Hammer-Lahav <eran@hueniverse.com>
To: William Mills <wmills@yahoo-inc.com>; "Thomson, Martin" <Martin.Thomson@commscope.com>; Mike Jones <Michael.Jones@microsoft.com>; Marius Scurtescu <mscurtescu@google.com>; Phil Hunt <phil.hunt@oracle.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Sent: Wednesday, October 5, 2011 10:28 AM
Subject: RE: [OAUTH-WG] Possible alternative resolution to issue 26


It should be much simpler than that. The v2 spec should simply limit the character set to printable ascii with special meaning for space. Beyond that, these are just ascii strings which can be URIs or anything else. If the server chooses to use these strings with some internal meaning (i.e. URI or encoded data), it should specify how normalization may occur.
 
But the point is, these are meant to be opaque, space-delimited strings. Any interop beyond that requires additional specification (e.g. comma delimited inner string values, etc.).
 
It would be really helpful if people provide actual use cases and requirements. Everything I have seen so far will work just fine with a limited ascii set.
 
EHL
 
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of William Mills
Sent: Tuesday, October 04, 2011 4:56 PM
To: Thomson, Martin; Mike Jones; Marius Scurtescu; Phil Hunt
Cc: oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Possible alternative resolution to issue 26
 
Allowing URI requires allowing % encoding, which is workable.  As far as the protocol goes, URI is a form of space separated string and the protocol doesn't care.  URI doesn't include quote or whitespace in the allowed characters so there's no problem there.
 
I agree that we'd have to write it such that it's clear you don't have to use a URI.  Drawing from http://labs.apache.org/webarch/uri/rev-2002/rfc2396bis.html#path perhaps the allowed charset becomes



scope = *( unreserved / reserved / pct-encoded )

with the clarification that a scope MAY take the form of a properly formatted URI.
-bill
 
 
 

________________________________

From: "Thomson, Martin" <Martin.Thomson@commscope.com>
To: Mike Jones <Michael.Jones@microsoft.com>; Marius Scurtescu <mscurtescu@google.com>; Phil Hunt <phil.hunt@oracle.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Sent: Tuesday, October 4, 2011 4:08 PM
Subject: Re: [OAUTH-WG] Possible alternative resolution to issue 26

On 2011-10-05 at 05:07:06, Mike Jones wrote:
> Existing practice is that simple ASCII strings like "email" "profile", 
> "openid", etc. are used as scope elements.  Requiring them to be URIs 
> would break most existing practice.

Constraining syntax to an ascii token OR a URI (relative reference) might work.  Anything with a colon can be interpreted as a URI; anything without better use a constrained set of characters.
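
Added example, not part of the thread and not code from any of its participants: a Python check that runs the same scope value through the candidate token grammars discussed above, so the differences between them are visible. Assumptions: "printable ascii" is read as 0x21-0x7E, "leaving quotes out" is read as excluding the double quote, the `unreserved`, `reserved` and `pct-encoded` rules use their RFC 3986 definitions, and all function names and sample scope values are constructed for illustration.

```python
import re

# Grammar A (assumption): "printable ascii with special meaning for space",
# so each token is one or more characters in 0x21-0x7E.
PRINTABLE = re.compile(r"[\x21-\x7E]+")
# Grammar A with the double quote (0x22) left out, as the reply suggests.
PRINTABLE_NO_DQUOTE = re.compile(r"[\x21\x23-\x7E]+")
# Grammar B: unreserved / reserved / pct-encoded, with the RFC 3986
# definitions of those rules (assumed to match the linked draft).
URI_CHARS = re.compile(
    r"(?:[A-Za-z0-9\-._~]"        # unreserved
    r"|[:/?#\[\]@!$&'()*+,;=]"    # reserved = gen-delims / sub-delims
    r"|%[0-9A-Fa-f]{2})+"         # pct-encoded
)

GRAMMARS = {
    "printable": PRINTABLE,
    "no_dquote": PRINTABLE_NO_DQUOTE,
    "uri_chars": URI_CHARS,
}

def parse_scope(value, grammar):
    """Split a scope value on single spaces and validate every token.

    Tokens stay opaque: no case folding, no percent-decoding and no URI
    normalization is applied. Raises ValueError naming the offending token.
    """
    pattern = GRAMMARS[grammar]
    tokens = value.split(" ")
    for tok in tokens:
        # fullmatch also rejects the empty token produced by a doubled space
        if not pattern.fullmatch(tok):
            raise ValueError(f"invalid scope token {tok!r} under {grammar}")
    return tokens

def accepted_by(value):
    """Report which candidate grammars accept the whole scope value."""
    result = {}
    for name in GRAMMARS:
        try:
            parse_scope(value, name)
            result[name] = True
        except ValueError:
            result[name] = False
    return result
```

Plain tokens such as `email profile openid` and URI-shaped tokens pass all three grammars; the grammars only diverge on characters such as `"`, `|` or a `%` that is not followed by two hex digits.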