IETF Logo Mail Archive

[OAUTH-WG] Issue: Scope parameter

Eran Hammer-Lahav <eran@hueniverse.com> Thu, 15 April 2010 19:07 UTC

Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 206333A68A2 for <oauth@core3.amsl.com>; Thu, 15 Apr 2010 12:07:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.444
X-Spam-Level:
X-Spam-Status: No, score=-2.444 tagged_above=-999 required=5 tests=[AWL=0.155, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3413LJpxkRSh for <oauth@core3.amsl.com>; Thu, 15 Apr 2010 12:07:41 -0700 (PDT)
Received: from p3plex1out01.prod.phx3.secureserver.net (p3plex1out01.prod.phx3.secureserver.net [72.167.180.17]) by core3.amsl.com (Postfix) with SMTP id B9D003A67FB for <oauth@ietf.org>; Thu, 15 Apr 2010 12:07:40 -0700 (PDT)
Received: (qmail 5333 invoked from network); 15 Apr 2010 19:07:29 -0000
Received: from unknown (HELO smtp.ex1.secureserver.net) (72.167.180.20) by p3plex1out01.prod.phx3.secureserver.net with SMTP; 15 Apr 2010 19:07:29 -0000
Received: from P3PW5EX1MB01.EX1.SECURESERVER.NET ([10.6.135.19]) by P3PW5EX1HT002.EX1.SECURESERVER.NET ([72.167.180.20]) with mapi; Thu, 15 Apr 2010 12:07:22 -0700
From: Eran Hammer-Lahav <eran@hueniverse.com>
To: OAuth WG <oauth@ietf.org>
Date: Thu, 15 Apr 2010 12:07:19 -0700
Thread-Topic: Issue: Scope parameter
Thread-Index: Acrczt6hQU+pa35/2kagxGMjLa51zw==
Message-ID: <C7ECB1F7.32357%eran@hueniverse.com>
Accept-Language: en-US
Content-Language: en
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [OAUTH-WG] Issue: Scope parameter
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Apr 2010 19:07:43 -0000

WRAP includes a loosely defined scope parameter which allows for
vendor-specific (and non-interoperable) use cases. This was requested by
many working group members to be included in OAuth 2.0 with the argument
that while it doesn't help interop, it makes using clients easier.

The problem with a general purpose scope parameter that is completely
undefined in structure is that it hurts interop more than it helps. It
creates an expectation that values can be used across services, and it
cannot be used without another spec defining its content and structure. Such
as spec can simply define its own parameter.

In addition, it is not clear what belongs in scope (list of resources,
access type, duration of access, right to share data, rights to
re-delegate).

The rules should be that if a parameter cannot be used without another
documentation, it should be defined in that other document.

Proposal: Request proposals for a scope parameter definition that improve
interop. Otherwise, keep the parameter out of the core spec.

EHL

v2.23.0 | Report a Bug | By Email