Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D13F21F8578 for ; Fri, 20 Jan 2012 15:50:53 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.598 X-Spam-Level: X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2flq7pXmykN4 for ; Fri, 20 Jan 2012 15:50:53 -0800 (PST) Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id DFD7121F85FF for ; Fri, 20 Jan 2012 15:50:52 -0800 (PST) Received: by ghbg16 with SMTP id g16so109906ghb.31 for ; Fri, 20 Jan 2012 15:50:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer; bh=Zm6dxPJOoOe+YiuE6TUGWsItIOnxGW6sHYim+kkKNn0=; b=B/q2xqrNs209apJ7n+JTn/R5GdGt2dxQsPAuVq87EggXy4W+EGM/dk8ayAdQLY7h9J ICbqZ13Fdn71femB9xzgErN+vNx+zhLjiO5D0KaOY8uCj/EmtA4cxx8zdeS+C0HPuZYj Os1rE4nCEKUwPdvlmMOJ9vhGPFqZPRuKF5pQo= Received: by 10.236.179.7 with SMTP id g7mr48513814yhm.74.1327103452499; Fri, 20 Jan 2012 15:50:52 -0800 (PST) Received: from [192.168.0.40] (S0106602ad0767c15.nb.shawcable.net. [70.74.90.92]) by mx.google.com with ESMTPS id n64sm7993416yhk.4.2012.01.20.15.50.50 (version=SSLv3 cipher=OTHER); Fri, 20 Jan 2012 15:50:51 -0800 (PST) Mime-Version: 1.0 (Apple Message framework v1251.1) Content-Type: multipart/alternative; boundary="Apple-Mail=_45522EB3-AE25-403A-988F-CACE6341566D" From: Dick Hardt In-Reply-To: Date: Fri, 20 Jan 2012 16:50:50 -0700 Message-Id: <35BD8E89-A024-4034-8E89-95F4814F9C6C@gmail.com> References: <90C41DD21FB7C64BB94121FBBC2E723453AAB96537@P3PW5EX1MB01.EX1.SECURESERVER.NET> To: Torsten Lodderstedt X-Mailer: Apple Mail (2.1251.1) Cc: OAuth WG Subject: Re: [OAUTH-WG] SHOULD vs MUST for indicating scope on response when different from client request X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jan 2012 23:50:53 -0000 --Apple-Mail=_45522EB3-AE25-403A-988F-CACE6341566D Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii +! On Jan 20, 2012, at 4:20 PM, Torsten Lodderstedt wrote: > MUST sounds reasonable > > > > Eran Hammer schrieb: > The current text: > > If the issued access token scope > is different from the one requested by the client, the authorization > server SHOULD include the "scope" response parameter to inform the > client of the actual scope granted. > > Stephen asked why not a MUST. I think it should be MUST. Any disagreement? > > EHL > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth --Apple-Mail=_45522EB3-AE25-403A-988F-CACE6341566D Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii +!

On Jan 20, 2012, at 4:20 PM, = Torsten Lodderstedt wrote:

MUST sounds = reasonable 



Eran Hammer <eran@hueniverse.com> = schrieb:
The current = text:
 
   If the issued access token = scope
   is different from the one requested by the client, = the authorization
   server SHOULD include the "scope" response = parameter to inform the
   client of the actual scope = granted.
 
Stephen asked why not a MUST. I think it should be MUST. = Any disagreement?
 
EHL
OAuth@ietf.org
https://www.ietf.org/= mailman/listinfo/oauth

= --Apple-Mail=_45522EB3-AE25-403A-988F-CACE6341566D--