Sorry for the late comment on this, Eran. I like your idea, but would suggest that better than company name would be domain name or based on domain name (I don't recall if '.' is allowed in this context). Company names are by no means unique, and even within a large company one could envision clashes.
Eliot On 3/30/11 1:13 AM, Eran Hammer-Lahav wrote: > > I would like to make the following change to section 8.2: > > > > New request or response parameters for use with the authorization > endpoint or the token endpoint are defined and registered in the > parameters registry following the procedure in Section 10.2 > <http://tools.ietf.org/html/draft-ietf-oauth-v2-13#section-10.2>. > > Parameter names MUST conform to the param-name ABNF and parameter > values syntax MUST be well-defined (e.g., using ABNF, or a reference > to the syntax of an existing parameter). > > Unregistered vendor-specific parameter extensions that are not commonly > applicable, and are specific to the implementation details of the > authorization server where they are used SHOULD utilize a > vendor-specific prefix that is not likely to conflict with other > registered values (e.g. begin with 'companyname_'). > > > > This is a more pragmatic (and less ugly) solution to vendor specific > parameters. Instead of using the âx_â prefix, vendors (have and) will > use something else that is unique to them. For example Facebook uses > âfb_â for many of their parameters. > > > > Feedback requested by 4/1 for inclusion in -14. > > > > EHL > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
