On 09/29/2016 01:40 PM, Ted Hardie wrote: > On Thu, Sep 29, 2016 at 1:32 PM, Jacob Hoffman-Andrews <[email protected] > <mailto:[email protected]>> wrote: > > On 09/27/2016 12:26 AM, Hugo Landau wrote: > > > > We should also consider allowing people to use URIs, or some sort of > > vendor-prefixed types for authorizations and challenges, to avoid > > collisions. e.g. "http://example.ca/account-funding-01 > <http://example.ca/account-funding-01>" or > > "vnd.exampleca.account-funding-01" or > "ca.example.account-funding-01". > > This also makes sense. I think URIs make more sense, rather than > defining a new namespace. And the URIs can contain more information > about the type. What do other folks think? > > > I'm a little confused about the proposal, especially how the URI would > contain more information about the type. Would you mind fleshing > this out a bit? Something like this:
Servers that create authorization objects with a non-standard type should provide a URL as the type string. This allows non-standard types to be created in a well-defined namespace, to avoid conflicts. Visiting the URL in a web browser should result in a human-readable web page describing the non-standard authorization type. However, I'm very open to other suggestions!
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
