It didn't align with the my assumption when I was implementing, which is why I asked:)
With respect to URIs, I believe that the scheme and host are always case-intensive but the case-sensitivity of the other parts are scheme dependent and that, in general, comparison is hard and error prone. It just feels like a slippery slope to start adding normalization/comparison rules to scope. But with that said, it's not a big deal and I won't quibble about it. On Fri, Mar 25, 2011 at 9:02 AM, Eran Hammer-Lahav <[email protected]> wrote: > It's a safe language to align it with common assumptions. Also, in the case > of URI values, they are usually case insensitive. > > EHL > >> -----Original Message----- >> From: Brian Campbell [mailto:[email protected]] >> Sent: Friday, March 25, 2011 8:00 AM >> To: Eran Hammer-Lahav >> Cc: Mike Jones; [email protected] >> Subject: Re: [OAUTH-WG] Feedback on draft-ietf-oauth-v2-13 >> >> >> 4.1.1: Scope string matching rules are ambiguous >> >> >> >> In the "scope" definition, add "The space-delimited strings are case >> >> insensitive." >> > >> > Good call. >> >> I'd like to better understand why? Other than a means to delimit and allow >> for multiple values, the spec is otherwise leaving the interpretation of >> scope >> values up to the implementation/deployment. > _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
