Are quotes a problem? I think it's simpler if we leave them out.
________________________________
From: Eran Hammer-Lahav <[email protected]>
To: William Mills <[email protected]>; "Thomson, Martin"
<[email protected]>; Mike Jones <[email protected]>;
Marius Scurtescu <[email protected]>; Phil Hunt <[email protected]>
Cc: "[email protected] WG" <[email protected]>
Sent: Wednesday, October 5, 2011 10:28 AM
Subject: RE: [OAUTH-WG] Possible alternative resolution to issue 26
It should be much simpler than that. The v2 spec should simply limit the
character set to printable ascii with special meaning for space. Beyond that,
these are just ascii strings which can be URIs or anything else. If the server
choose to use these strings with some internal meaning (i.e. URI or encoded
data), it should specify how normalization may occure.
But the point is, these are meant to be opaque, space-delimited string. Any
interop beyond that requires additional specification (e.g. comma delimited
inner string values, etc.).
It would be really helpful if people provide actual use cases and requirements.
Everything I have seen so far will work just fine with a limited ascii set.
EHL
From:[email protected] [mailto:[email protected]] On Behalf Of
William Mills
Sent: Tuesday, October 04, 2011 4:56 PM
To: Thomson, Martin; Mike Jones; Marius Scurtescu; Phil Hunt
Cc: [email protected] WG
Subject: Re: [OAUTH-WG] Possible alternative resolution to issue 26
Allowing URI requires allowing % encoding, which is workable. As far as the
protocol goes URI is a form of space separated string and the protocol doesn't
care. URI doesn't include quote or qhitespace in the allowed characters so
there's no problem there.
I agree that we'd have to write it such that it's clear you don't have to use
a URI. Drawing from
http://labs.apache.org/webarch/uri/rev-2002/rfc2396bis.html#path perhaps the
allowed charset becomes
scope = *( unreserved / reserved / pct-encoded )
with the clarification that a scope MAY take the form of a properly formatted
URI.
-bill
________________________________
From:"Thomson, Martin" <[email protected]>
To: Mike Jones <[email protected]>; Marius Scurtescu
<[email protected]>; Phil Hunt <[email protected]>
Cc: "[email protected] WG" <[email protected]>
Sent: Tuesday, October 4, 2011 4:08 PM
Subject: Re: [OAUTH-WG] Possible alternative resolution to issue 26
On 2011-10-05 at 05:07:06, Mike Jones wrote:
> Existing practice is that simple ASCII strings like "email" "profile",
> "openid", etc. are used as scope elements. Requiring them to be URIs
> would break most existing practice.
Constraining syntax to an ascii token OR a URI (relative reference) might
work. Anything with a colon can be interpreted as a URI; anything without
better use a constrained set of characters.
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
