On Jul 15, 2010, at 9:07 AM, Eran Hammer-Lahav wrote: > I would like people to raise their hand and explain how this will break > actual 1.0 deployments.
What happens if a 1.0 client receives a WWW-Authenticate header from a 2.0 protected resource with the 'OAuth' mechanism specified? Might it then attempt OAuth 1 with a 2.0 token service (and thus just fail without being able to know what went wrong)? - johnk > > EHL > > > > On Jul 15, 2010, at 1:38, Brian Eaton <[email protected]> wrote: > >> Draft 10 switched from "Token" scheme in the authorization header to >> "OAuth". I'd rather we didn't reuse OAuth. 'OAuth2' would be great. >> "Token" is ugly as sin, but is better than "OAuth". >> >> Spec section: http://tools.ietf.org/html/draft-ietf-oauth-v2-10#page-30 >> >> The problem with reusing "OAuth" is that there are existing >> implementations in the wild that have special behavior implemented for >> OAuth authorization headers. Since OAuth2 headers don't have the same >> semantics, we're going to break those implementations. We shouldn't >> reuse "OAuth" for the same reasons we shouldn't reuse "Negotiate", >> "NTLM", "Digest", or "Basic. >> >> Cheers, >> Brian >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
