On 11/04/2012 01:25, Mike Jones wrote:
Hi Alexey,
Hi Mike,
I've dropped issue 2, Sean took charge of discussing it with IESG.
About your issue 1: The OAuth Core spec, where "scope" is primarily defined, includes
the sentence "The [scope] strings are defined by the authorization server" (see
http://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-3.3). I could add that clarification to
the Bearer spec as well to make it clear that the scope values are context-dependent, if that would
address your concern.
Yes, but only partially. I would also like to see a clear statement that
there is no centralized registry for scope values, plus some examples
(more than 1) of how values of this attribute can look like.
With out this information I don't think the spec is implementable.
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
