It should be much simpler than that. The v2 spec should simply limit the character set to printable ascii with special meaning for space. Beyond that, these are just ascii strings which can be URIs or anything else. If the server choose to use these strings with some internal meaning (i.e. URI or encoded data), it should specify how normalization may occure.
But the point is, these are meant to be opaque, space-delimited string. Any interop beyond that requires additional specification (e.g. comma delimited inner string values, etc.). It would be really helpful if people provide actual use cases and requirements. Everything I have seen so far will work just fine with a limited ascii set. EHL From: [email protected] [mailto:[email protected]] On Behalf Of William Mills Sent: Tuesday, October 04, 2011 4:56 PM To: Thomson, Martin; Mike Jones; Marius Scurtescu; Phil Hunt Cc: [email protected] WG Subject: Re: [OAUTH-WG] Possible alternative resolution to issue 26 Allowing URI requires allowing % encoding, which is workable. As far as the protocol goes URI is a form of space separated string and the protocol doesn't care. URI doesn't include quote or qhitespace in the allowed characters so there's no problem there. I agree that we'd have to write it such that it's clear you don't have to use a URI. Drawing from http://labs.apache.org/webarch/uri/rev-2002/rfc2396bis.html#path perhaps the allowed charset becomes scope = *( unreserved / reserved / pct-encoded ) with the clarification that a scope MAY take the form of a properly formatted URI. -bill ________________________________ From: "Thomson, Martin" <[email protected]<mailto:[email protected]>> To: Mike Jones <[email protected]<mailto:[email protected]>>; Marius Scurtescu <[email protected]<mailto:[email protected]>>; Phil Hunt <[email protected]<mailto:[email protected]>> Cc: "[email protected] WG<mailto:[email protected]%20WG>" <[email protected]<mailto:[email protected]>> Sent: Tuesday, October 4, 2011 4:08 PM Subject: Re: [OAUTH-WG] Possible alternative resolution to issue 26 On 2011-10-05 at 05:07:06, Mike Jones wrote: > Existing practice is that simple ASCII strings like "email" "profile", > "openid", etc. are used as scope elements. Requiring them to be URIs > would break most existing practice. Constraining syntax to an ascii token OR a URI (relative reference) might work. Anything with a colon can be interpreted as a URI; anything without better use a constrained set of characters. _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
