Wasn't there some concensus that URIs would be good for scope? They have "in-built namespacing" ...
Lukas 2010/6/23 Dick Hardt <[email protected]>: > > On 2010-06-22, at 11:07 PM, Tschofenig, Hannes (NSN - FI/Espoo) wrote: > >> " >> scope >> OPTIONAL. The scope of the access request expressed as a list >> of space-delimited strings. The value of the "scope" parameter >> is defined by the authorization server. If the value contains >> multiple space-delimited strings, their order does not matter, >> and each string adds an additional access range to the >> requested scope. >> " >> >> Do folks think it would be useful to have standardized values? > > Not at this time. The semantics of scope are all over the place. If > standardized, people will feel they need to pick one that is close to what > they want, but is not exactly what they mean. I think it is better for the AS > to define what they mean by a scope and give it a name that makes sense in > that context. > >> >> If the answer is "yes", then it would be useful to differentiate the >> standardized values from those values that are purely defined locally by >> the authorization server. _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
