Re: [OAUTH-WG] draft-richer-oauth-introspection-01 scope syntax

"Donald F Coffin" <donald.coffin@reminetworks.com> Thu, 31 January 2013 06:43 UTC

Return-Path: <donald.coffin@reminetworks.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4882721F854B for <oauth@ietfa.amsl.com>; Wed, 30 Jan 2013 22:43:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.749
X-Spam-Level:
X-Spam-Status: No, score=-0.749 tagged_above=-999 required=5 tests=[AWL=1.849, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gDSHlccn9OnQ for <oauth@ietfa.amsl.com>; Wed, 30 Jan 2013 22:43:02 -0800 (PST)
Received: from oproxy1-pub.bluehost.com (oproxy1-pub.bluehost.com [66.147.249.253]) by ietfa.amsl.com (Postfix) with SMTP id 4039121F84E8 for <oauth@ietf.org>; Wed, 30 Jan 2013 22:43:01 -0800 (PST)
Received: (qmail 31158 invoked by uid 0); 31 Jan 2013 06:42:36 -0000
Received: from unknown (HELO host125.hostmonster.com) (74.220.207.125) by oproxy1.bluehost.com with SMTP; 31 Jan 2013 06:42:36 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=reminetworks.com; s=default; h=Content-Type:MIME-Version:Message-ID:Date:Subject:In-Reply-To:References:Cc:To:From; bh=8Finb9tU+rwR7P5ZHOAzSLhBMM3ewpwdKjM/1nSf6AA=; b=fL32Ziqi7ICZgg//x70uBxgUTDEHqtEaxLHmr+uWxQYmEYhiX4ay12qvnlQs9gPE0d3eHdFWxqBSH5axkpFRvTRdyeTMPCfHgKLY9qtan5WCZoN577YosuENOvB7Nbe5;
Received: from [68.4.207.246] (port=2611 helo=HPPavilionElite) by host125.hostmonster.com with esmtpa (Exim 4.80) (envelope-from <donald.coffin@reminetworks.com>) id 1U0nr2-00010s-1Y; Wed, 30 Jan 2013 23:42:36 -0700
From: "Donald F Coffin" <donald.coffin@reminetworks.com>
To: "'Justin Richer'" <jricher@mitre.org>, "'Todd W Lainhart'" <lainhart@us.ibm.com>
References: <OF3031393A.750F4AB2-ON85257B03.007AD84B-85257B03.007B56E7@us.ibm.com> <51099EBD.5050204@mitre.org>
In-Reply-To: <51099EBD.5050204@mitre.org>
Date: Wed, 30 Jan 2013 22:41:08 -0800
Message-ID: <008501cdff7d$f3e35810$dbaa0830$@reminetworks.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0086_01CDFF3A.E5C1C5C0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHayEWWF0dQwkH9jF/aixGg/SYQlwHYgysVmDqXlNA=
Content-Language: en-us
X-Identified-User: {1395:host125.hostmonster.com:reminetw:reminetworks.com} {sentby:smtp auth 68.4.207.246 authed with donald.coffin@reminetworks.com}
Cc: John Adkins <jva2@pge.com>, Marty Burns <marty@hypertek.us>, Scott Crowder <scott.crowder@qadoenergy.com>, Dave Robin <drobin@automatedlogic.com>, John Teeter <john.teeter@peoplepowerco.com>, pmadsen@pingidentity.com, Edward Denson <ewd7@pge.com>, Uday Verma <uday.verma@ilinknet.com>, Ray Perlner <ray.perlner@nist.gov>, Anne Hendry <ahendry2@gmail.com>, Lynne Rodoni <mrodoni@semprautilities.com>, 'IETF oauth WG' <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-richer-oauth-introspection-01 scope syntax
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Jan 2013 06:43:03 -0000

Justin,

 

>From a purely implementation view, since RFC 6749 has already defined Scope,
I think it will only confuse implementers if the format of Scope is not
consistent.  In defining how to merge RFC 6749 with the ESPI Standard, I
have found the Scope parameter to be one of hardest concepts to describe how
to implement and evaluate its contents.  To begin using multiple formats to
define the same parameter will only lead to confusion and chaos.

 

While I understand the end result of parsing the Scope parameter naturally
leads to an array.  I view that as an implementation issue and not relevant
to a specification, especially since RFC 6749 has already set a
documentation precedent..

 

Best regards,

Don

Donald F. Coffin

Founder/CTO

 

REMI Networks

22751 El Prado Suite 6216

Rancho Santa Margarita, CA  92688-3836

 

Phone:      (949) 636-8571

Email:        <mailto:donald.coffin@reminetworks.com>
donald.coffin@reminetworks.com

 

From: Justin Richer [mailto:jricher@mitre.org] 
Sent: Wednesday, January 30, 2013 2:29 PM
To: Todd W Lainhart
Cc: IETF oauth WG
Subject: Re: [OAUTH-WG] draft-richer-oauth-introspection-01 scope syntax

 

It's not meant to follow the same syntax. Instead, it's making use of the
JSON object structure to avoid additional parsing of the values on the
client side.

We could fairly easily define it as the same space-delimited string if
enough people want to keep the scope format consistent.

 -- Justin

On 01/30/2013 05:27 PM, Todd W Lainhart wrote:

That the scope syntax in draft-richer-oauth-introspection-01 is different
than RFC 6749 Section 3.3, as in: 


   "scope": ["read", "write", "dolphin"], 

vs. 

  scope = scope-token *( SP scope-token )
     scope-token = 1*( %x21 / %x23-5B / %x5D-7E ) 

Should introspection-01 follow the 6749 syntax for scopes?

	







_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth