Sounds good to me. Are others good with this wording?
-- Mike
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Barry Leiba
Sent: Saturday, September 24, 2011 6:33 AM
To: Mike Jones
Cc: [email protected]
Subject: Re: [OAUTH-WG] Proposed resolution for issue 26
> My proposed resolution is that %-encoding not be required in the
> specification
I agree with your analysis, now that I see it laid out clearly. I would feel
better, though, if there were text in the document that explained that to
others, who read it later. Perhaps, using your words, we could make this
change to section 2.4:
OLD
The "scope" attribute is a space-delimited list of scope values
indicating the required scope of the access token for accessing the
requested resource. The "scope" attribute MUST NOT appear more than
once.
NEW
The "scope" attribute is a space-delimited list of scope values
indicating the required scope of the access token for accessing the
requested resource. The "scope" attribute MUST NOT appear more than
once.
Interpretation of scope strings requires semantic agreement on the
meaning of the scope strings between the parties participating the
OAuth flow. Should an encoding be used for scope strings in a
particular deployment context, participants have to have agreed
upon that encoding, just as they agree on other OAuth configuration
parameters.
Does that work?
Barry
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
