Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt

Justin Richer <jricher@mitre.org> Wed, 26 January 2011 14:10 UTC

To: Marius Scurtescu <mscurtescu@google.com>

> 2. Section 8.2. What about applications using legacy parameters? Does
> not make much sense to register them, and they cannot be changed to
> x_. 

I *guarantee* that there will be many noncompliant implementations of
this, built on server frameworks with required parameters on all
endpoints. Not everyone is a Facebook or Google who can just define a
new top-level endpoint with clean parameter space. OAuth2 is going to be
integrated into *existing* systems that already have their allowable
extra parameters carved out, and these systems are not going to change
their parameters just to support OAuth. Once again, I'll say that if the
choice comes down to changing around existing parameters or not
supporting OAuth, most people are going to just not support OAuth.

> Broken record: using a prefix for all registered parameters is
> much cleaner (as opposed to requiring that all non-registered
> parameters use a prefix).

And once again, a strong +1 to this, even though I know it's far too
late to make such a breaking change to the spec. I really think this was
a bad decision and is going to come back and bite us in the future.

 -- Justin