Introducing URI semantics for scope values containing colons seems like 
unnecessary and unmotivated invention at this point.  In the core spec, scope 
values are case-sensitive strings separated by spaces.  That's it.  Nothing 
about URIs or colons.  I believe that the scope semantics of the core and 
bearer specs should be consistent; this would not be.

Writing as an individual working group member...
                                -- Mike

-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Barry Leiba
Sent: Tuesday, October 04, 2011 4:48 PM
To: Thomson, Martin
Cc: Mike Jones; Marius Scurtescu; Phil Hunt; [email protected] WG
Subject: Re: [OAUTH-WG] Possible alternative resolution to issue 26

>> Existing practice is that simple ASCII strings like "email" 
>> "profile", "openid", etc. are used as scope elements.  Requiring them 
>> to be URIs would break most existing practice.
>
> Constraining syntax to an ascii token OR a URI (relative reference) 
> might work.  Anything with a colon can be interpreted as a URI; 
> anything without better use a constrained set of characters.

This sounds like a good compromise.  URI encoding is already specified 
elsewhere, and then ASCII tokens can be limited as they already are, with no 
encoding.

Are there any objections to this approach?

Barry

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
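
The two comparison rules debated in this thread, side by side, as an added example that is not part of the original messages. The token character set, the function names and the sample scope values are assumptions made for illustration; the thread itself does not define them.

```python
import re
from urllib.parse import urlsplit

# Assumption: the "constrained set" for plain tokens is printable ASCII
# without space, double quote and backslash. The thread does not fix it.
TOKEN_RE = re.compile(r'^[\x21\x23-\x5B\x5D-\x7E]+$')

def split_scope(scope):
    """Core-spec view: case-sensitive strings separated by spaces."""
    return [v for v in scope.split(" ") if v]

def classify(value):
    """Proposed rule: a colon means URI, anything else is an ASCII token."""
    if ":" in value:
        return "uri" if urlsplit(value).scheme else "invalid"
    return "token" if TOKEN_RE.match(value) else "invalid"

def uri_key(value):
    """Comparison key under URI semantics: scheme and host ignore case."""
    p = urlsplit(value)
    return (p.scheme, p.hostname or "", p.port, p.path, p.query)

def covered(granted, requested, uri_semantics=False):
    """For each requested value, report whether the grant covers it."""
    have = split_scope(granted)
    result = []
    for want in split_scope(requested):
        if uri_semantics and classify(want) == "uri":
            ok = any(classify(h) == "uri" and uri_key(h) == uri_key(want)
                     for h in have)
        else:
            ok = want in have  # exact, case-sensitive string match
        result.append((want, ok))
    return result

# Constructed sample values, not taken from the thread.
GRANTED = "email profile https://api.example.com/read"
REQUESTED = "email Profile HTTPS://API.example.com/read"

if __name__ == "__main__":
    print("string:", covered(GRANTED, REQUESTED))
    print("uri:   ", covered(GRANTED, REQUESTED, uri_semantics=True))
```

The same grant and request give different authorization answers for the colon-containing value depending on which rule the resource server applies, which is the consistency concern raised at the top of the message.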
