Barry Leiba <[email protected]> writes:
> Henry says...
>>> No, I appreciate that you want to use registered short names in
>>> the protocol, that's just fine. My problem is that you have left
>>> users, developers etc. with no way to discover what shortnames
>>> have been registered short of a non- trivial and error-prone
>>> informal search effort.
>>> . . .
>
> Eran says...
>> Not sure I understand what you are asking for, but what would the
>> IANA instruction include to support this?
>
> Yeh, I'm not understanding this either. The spec establishes an
> access-token-type registry, and anyone will be able to look in that
> registry the same way they look in any other IANA registry, such as
> media-types. It looks like Henry is asking for this to use some sort
> of type/subtype mechanism, as media-types does, wherein when a new
> token type is registered, that registration or subsequent ones can
> create subtypes of that token type.
No, sorry, not at all about subtyping or anyting like that.
Sorry this is proving difficult to communicate!
Start again. Consider the situation five years from now, when OAUTH2
is a great success, and there are dozens of entries in its various
registries.
1) Suppose you're a developer, setting out to implement OAUTH2. You
need to know what access token types, etc. to implement;
2) Or you're a user, wondering what access token types are available,
so you can decide which suit your requirements best;
3) Or you're a service provider, and you come up with a new token
type and want to check if the name you have in mind is already in
use.
You have read the spec., and the _only_ concrete thing it tells you
about the registers is the name of an email list. So you have to go
to the email archives and search for . . . what exactly? Different in
the three cases above, and in none of them is it obvious how to know
what counts as success.
So what I'm asking for is more mechanism, documented in the spec. in
terms of what the registry itself will provide, which is, in each
case, a URI which will not only resolve to a list of the registered
shortnames, but will also support retrieval for any registered short
name by appending it. So for example for the access token type
registry, the spec. should tell me that retrieving
http://www.iana.org/oath2/access-token-types
will give me a page listing all the registered access token types, and
also
http://www.iana.org/oath2/access-token-types/bearer
will return the registration details for the bearer type.
This will then make all of (1)--(3) easy.
Better this time?
ht
--
Henry S. Thompson, School of Informatics, University of Edinburgh
10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
Fax: (44) 131 650-4587, e-mail: [email protected]
URL: http://www.ltg.ed.ac.uk/~ht/
[mail from me _always_ has a .sig like this -- mail without it is forged spam]
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
