That makes sense too. I'll change it to explicitly say case sensitive. Either way, this is a useful comment.
EHL > -----Original Message----- > From: Mike Jones [mailto:[email protected]] > Sent: Friday, March 25, 2011 9:24 AM > To: Brian Campbell; Eran Hammer-Lahav > Cc: [email protected] > Subject: RE: [OAUTH-WG] Feedback on draft-ietf-oauth-v2-13 > > Actually, despite having submitted this comment, I'm having second > thoughts about it as well based upon some possible use cases I'm aware of. > If, for instance, a scope element contains base64url encoded content in a > URL, case-folding it will destroy it. Therefore, on reconsideration, I'd > like to > withdraw the comment and have the sentence about scope elements being > case-insensitive removed from the draft. > > Thanks, > -- Mike > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Brian Campbell > Sent: Friday, March 25, 2011 9:17 AM > To: Eran Hammer-Lahav > Cc: [email protected] > Subject: Re: [OAUTH-WG] Feedback on draft-ietf-oauth-v2-13 > > It didn't align with the my assumption when I was implementing, which is > why I asked:) > > With respect to URIs, I believe that the scheme and host are always case- > intensive but the case-sensitivity of the other parts are scheme dependent > and that, in general, comparison is hard and error prone. It just feels like a > slippery slope to start adding normalization/comparison rules to scope. But > with that said, it's not a big deal and I won't quibble about it. > > On Fri, Mar 25, 2011 at 9:02 AM, Eran Hammer-Lahav > <[email protected]> wrote: > > It's a safe language to align it with common assumptions. Also, in the case > of URI values, they are usually case insensitive. > > > > EHL > > > >> -----Original Message----- > >> From: Brian Campbell [mailto:[email protected]] > >> Sent: Friday, March 25, 2011 8:00 AM > >> To: Eran Hammer-Lahav > >> Cc: Mike Jones; [email protected] > >> Subject: Re: [OAUTH-WG] Feedback on draft-ietf-oauth-v2-13 > >> > >> >> 4.1.1: Scope string matching rules are ambiguous > >> >> > >> >> In the "scope" definition, add "The space-delimited strings are > >> >> case insensitive." > >> > > >> > Good call. > >> > >> I'd like to better understand why? Other than a means to delimit and > >> allow for multiple values, the spec is otherwise leaving the > >> interpretation of scope values up to the implementation/deployment. > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
