Re: [OAUTH-WG] draft-richer-oauth-introspection-01 scope syntax
"Donald F Coffin" <donald.coffin@reminetworks.com> Thu, 31 January 2013 06:43 UTC
Return-Path: <donald.coffin@reminetworks.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4882721F854B for <oauth@ietfa.amsl.com>; Wed, 30 Jan 2013 22:43:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.749
X-Spam-Level:
X-Spam-Status: No, score=-0.749 tagged_above=-999 required=5 tests=[AWL=1.849, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gDSHlccn9OnQ for <oauth@ietfa.amsl.com>; Wed, 30 Jan 2013 22:43:02 -0800 (PST)
Received: from oproxy1-pub.bluehost.com (oproxy1-pub.bluehost.com [66.147.249.253]) by ietfa.amsl.com (Postfix) with SMTP id 4039121F84E8 for <oauth@ietf.org>; Wed, 30 Jan 2013 22:43:01 -0800 (PST)
Received: (qmail 31158 invoked by uid 0); 31 Jan 2013 06:42:36 -0000
Received: from unknown (HELO host125.hostmonster.com) (74.220.207.125) by oproxy1.bluehost.com with SMTP; 31 Jan 2013 06:42:36 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=reminetworks.com; s=default; h=Content-Type:MIME-Version:Message-ID:Date:Subject:In-Reply-To:References:Cc:To:From; bh=8Finb9tU+rwR7P5ZHOAzSLhBMM3ewpwdKjM/1nSf6AA=; b=fL32Ziqi7ICZgg//x70uBxgUTDEHqtEaxLHmr+uWxQYmEYhiX4ay12qvnlQs9gPE0d3eHdFWxqBSH5axkpFRvTRdyeTMPCfHgKLY9qtan5WCZoN577YosuENOvB7Nbe5;
Received: from [68.4.207.246] (port=2611 helo=HPPavilionElite) by host125.hostmonster.com with esmtpa (Exim 4.80) (envelope-from <donald.coffin@reminetworks.com>) id 1U0nr2-00010s-1Y; Wed, 30 Jan 2013 23:42:36 -0700
From: Donald F Coffin <donald.coffin@reminetworks.com>
To: 'Justin Richer' <jricher@mitre.org>, 'Todd W Lainhart' <lainhart@us.ibm.com>
References: <OF3031393A.750F4AB2-ON85257B03.007AD84B-85257B03.007B56E7@us.ibm.com> <51099EBD.5050204@mitre.org>
In-Reply-To: <51099EBD.5050204@mitre.org>
Date: Wed, 30 Jan 2013 22:41:08 -0800
Message-ID: <008501cdff7d$f3e35810$dbaa0830$@reminetworks.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0086_01CDFF3A.E5C1C5C0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHayEWWF0dQwkH9jF/aixGg/SYQlwHYgysVmDqXlNA=
Content-Language: en-us
X-Identified-User: {1395:host125.hostmonster.com:reminetw:reminetworks.com} {sentby:smtp auth 68.4.207.246 authed with donald.coffin@reminetworks.com}
Cc: John Adkins <jva2@pge.com>, Marty Burns <marty@hypertek.us>, Scott Crowder <scott.crowder@qadoenergy.com>, Dave Robin <drobin@automatedlogic.com>, John Teeter <john.teeter@peoplepowerco.com>, pmadsen@pingidentity.com, Edward Denson <ewd7@pge.com>, Uday Verma <uday.verma@ilinknet.com>, Ray Perlner <ray.perlner@nist.gov>, Anne Hendry <ahendry2@gmail.com>, Lynne Rodoni <mrodoni@semprautilities.com>, 'IETF oauth WG' <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-richer-oauth-introspection-01 scope syntax
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Jan 2013 06:43:03 -0000
Justin, >From a purely implementation view, since RFC 6749 has already defined Scope, I think it will only confuse implementers if the format of Scope is not consistent. In defining how to merge RFC 6749 with the ESPI Standard, I have found the Scope parameter to be one of hardest concepts to describe how to implement and evaluate its contents. To begin using multiple formats to define the same parameter will only lead to confusion and chaos. While I understand the end result of parsing the Scope parameter naturally leads to an array. I view that as an implementation issue and not relevant to a specification, especially since RFC 6749 has already set a documentation precedent.. Best regards, Don Donald F. Coffin Founder/CTO REMI Networks 22751 El Prado Suite 6216 Rancho Santa Margarita, CA 92688-3836 Phone: (949) 636-8571 Email: <mailto:donald.coffin@reminetworks.com> donald.coffin@reminetworks.com From: Justin Richer [mailto:jricher@mitre.org] Sent: Wednesday, January 30, 2013 2:29 PM To: Todd W Lainhart Cc: IETF oauth WG Subject: Re: [OAUTH-WG] draft-richer-oauth-introspection-01 scope syntax It's not meant to follow the same syntax. Instead, it's making use of the JSON object structure to avoid additional parsing of the values on the client side. We could fairly easily define it as the same space-delimited string if enough people want to keep the scope format consistent. -- Justin On 01/30/2013 05:27 PM, Todd W Lainhart wrote: That the scope syntax in draft-richer-oauth-introspection-01 is different than RFC 6749 Section 3.3, as in: "scope": ["read", "write", "dolphin"], vs. scope = scope-token *( SP scope-token ) scope-token = 1*( %x21 / %x23-5B / %x5D-7E ) Should introspection-01 follow the 6749 syntax for scopes? _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] draft-richer-oauth-introspection-01 sc… Todd W Lainhart
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Justin Richer
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Mike Jones
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Justin Richer
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Craig McClanahan
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Mike Jones
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Donald F Coffin
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Sergey Beryozkin
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Todd W Lainhart
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Todd W Lainhart
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Richer, Justin P.
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Donald F Coffin
- Re: [OAUTH-WG] draft-richer-oauth-introspection-0… Todd W Lainhart