What's the current leaning in the core spec. Is there a direction emerging for
this answer?
________________________________
From: Eran Hammer-Lahav <[email protected]>
To: John Bradley <[email protected]>; "Richer, Justin P." <[email protected]>
Cc: OAuth WG <[email protected]>
Sent: Monday, October 17, 2011 7:27 AM
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed
Resolutions
I agree.
EHL
> -----Original Message-----
> From: John Bradley [mailto:[email protected]]
> Sent: Monday, October 17, 2011 6:07 AM
> To: Richer, Justin P.
> Cc: Eran Hammer-Lahav; OAuth WG
> Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues &
> Proposed Resolutions
>
> The scopes cross all of the profiles.
>
> I expect that restricting the character sets for bearer tokens, MAC, and other
> future variants should be dealt with in those profiles.
>
> Without restricting scope in core, we leave the possibility of coming up with
> different rules in different profiles e.g. MAC vs Bearer.
>
> It is probably best to have one rule in core that works across all the
> profiles.
>
> John B.
> On 2011-10-16, at 7:19 PM, Richer, Justin P. wrote:
>
> > I think the limit makes sense, but then are tokens limited by the same
> rules? They need to live in all the same places (query parameters, headers,
> forms) that scopes do and would be subject to the same kinds of encoding
> woes that scopes will. Or am I missing something obvious as to why this isn't
> a problem for tokens (both bearer tokens and the public part of MAC tokens)
> but is a problem for scope strings?
> >
> > -- Justin
> > ________________________________________
> > From: [email protected] [[email protected]] on behalf of
> > John Bradley [[email protected]]
> > Sent: Sunday, October 16, 2011 8:11 PM
> > To: Eran Hammer-Lahav
> > Cc: OAuth WG
> > Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues &
> Proposed Resolutions
> >
> > Restricting it now in the core spec is going to save a lot of headaches
> > later.
> >
> > John B.
> > On 2011-10-16, at 3:54 PM, Eran Hammer-Lahav wrote:
> >
> >> It's an open question for the list.
> >>
> >> EHL
> >>
> >>> -----Original Message-----
> >>> From: Julian Reschke [mailto:[email protected]]
> >>> Sent: Sunday, October 16, 2011 11:00 AM
> >>> To: Mike Jones
> >>> Cc: Tschofenig, Hannes (NSN - FI/Espoo); Hannes Tschofenig; OAuth
> >>> WG; Eran Hammer-Lahav
> >>> Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues &
> >>> Proposed Resolutions
> >>>
> >>> On 2011-10-16 18:44, Mike Jones wrote:
> >>>> As Eran wrote on 9/30, "The fact that the v2 spec allows a wide
> >>>> range of
> >>> characters in scope was unintentional. The design was limited to
> >>> allow simple ASCII strings and URIs."
> >>>> ...
> >>>
> >>> I see. Thanks.
> >>>
> >>> Is this going to be clarified in -23?
> >>>
> >>> Best regards, Julian
> >> _______________________________________________
> >> OAuth mailing list
> >> [email protected]
> >> https://www.ietf.org/mailman/listinfo/oauth
> >
> > _______________________________________________
> > OAuth mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
