+1 for #1
#2 is awful; #3 is unnecessary; #4 "OAuth2" just has less meaning than, say, "Bearer". #1 offers the cleanest separation between "using-a-token to authenticated a request" and "a delegation flow to authorize a client" which is likely to be helpful for lots of people now and in the future trying to get their heads around this complex space. -- James Manger From: [email protected] [mailto:[email protected]] On Behalf Of Eran Hammer-Lahav Sent: Thursday, 3 February 2011 7:34 PM To: OAuth WG Subject: [OAUTH-WG] Bearer token type and scheme name (deadline: 2/10) After a long back-and-forth, I think it is time to present a few options and have people express their preferences. These are the options mentioned so far and their +/-: 1. Descriptive, non-OAuth-specific scheme names (Bearer, MAC) ... 2. Single OAuth2 scheme with sub-schemes ... 3. Name prefix (e.g. oauth2_bearer) ... 4. OAuth2 for bearer, MAC for mac ...
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
