; OAuth WG
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
So, Eran's first proposal:
A client application consisting of multiple components, each
with its
own client type (e.g. a distributed client with both a
confidential
server-based component
Sakimura; OAuth WG
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
On Thu, Mar 15, 2012 at 13:13, Eran Hammer e...@hueniverse.com
wrote:
Ok. That's much better than my guess that you wanted to drop all
the registration text from the specification.
What I'm looking
] On Behalf Of Breno
Sent: Saturday, March 17, 2012 8:50 AM
To: Eran Hammer
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
To summarize, I am weary of registration normative language that
appears to disallow common practice implemented by servers
: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
Mike, Nat,
Does the new text work for you?
EH
-Original Message-
From: breno.demedei...@gmail.com
[mailto:breno.demedei...@gmail.com] On Behalf Of Breno
Sent: Saturday, March 17, 2012 12:10 PM
To: Eran Hammer
Cc: OAuth WG
Subject
: Saturday, March 17, 2012 12:10 PM
To: Eran Hammer
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
That is much clearer. Thank you.
On Sat, Mar 17, 2012 at 9:17 AM, Eran Hammer e...@hueniverse.com
wrote:
How about we phrase it the other way
, March 17, 2012 12:10 PM
To: Eran Hammer
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
That is much clearer. Thank you.
On Sat, Mar 17, 2012 at 9:17 AM, Eran Hammer e...@hueniverse.com
wrote:
How about we phrase it the other way:
A clients may
That seems to cover it.
My problem is that client registration has been treated largely as being out of
scope other than some general principles. We are now adding normative text,
but still not specifying mechanisms.
Nat's text allows existing practice with complex clients like Facebook with
raised.
EH
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Nat
Sakimura
Sent: Thursday, March 15, 2012 2:04 AM
To: Breno de Medeiros; OAuth WG
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
So, Eran's first proposal:
A client application consisting
] Fw: Breaking change in OAuth 2.0 rev. 23
So, Eran's first proposal:
A client application consisting of multiple components, each with its
own client type (e.g. a distributed client with both a confidential
server-based component and a public browser-based
Sent: Thursday, March 15, 2012 7:45 AM
To: Nat Sakimura; Breno de Medeiros; OAuth WG
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
This add-on is unnecessary. It already says the authorization server can handle
it any way it wants. The fact that other registration options
, 15 Mar 2012 09:56:13 -0700
To: Eran Hammer-Lahav e...@hueniverse.com
Cc: Nat Sakimura sakim...@gmail.com, OAuth WG oauth@ietf.org
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
On Thu, Mar 15, 2012 at 07:45
de Medeiros br...@google.com
Date: Thu, 15 Mar 2012 09:56:13 -0700
To: Eran Hammer-Lahav e...@hueniverse.com
Cc: Nat Sakimura sakim...@gmail.com, OAuth WG oauth@ietf.org
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
On Thu, Mar 15, 2012 at 07:45, Eran Hammer e
: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
So, Eran's first proposal:
A client application consisting of multiple components, each with its
own client type (e.g. a distributed client with both a confidential
server-based component and a public browser-based component
09:56:13 -0700
To: Eran Hammer-Lahav e...@hueniverse.com
Cc: Nat Sakimura sakim...@gmail.com, OAuth WG oauth@ietf.org
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
On Thu, Mar 15, 2012 at 07:45, Eran Hammer e...@hueniverse.com wrote:
This add-on is unnecessary
on that we can come up with a clear solution.
EH
From: Breno de Medeiros br...@google.com
Date: Thu, 15 Mar 2012 09:56:13 -0700
To: Eran Hammer-Lahav e...@hueniverse.com
Cc: Nat Sakimura sakim...@gmail.com, OAuth WG oauth@ietf.org
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
...@hueniverse.com
Cc: Nat Sakimura sakim...@gmail.com, OAuth WG oauth@ietf.org
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
On Thu, Mar 15, 2012 at 07:45, Eran Hammer e...@hueniverse.com
wrote:
This add-on is unnecessary. It already says the authorization server
can
handle it any way
-Original Message-
From: Breno de Medeiros [mailto:br...@google.com]
Sent: Thursday, March 15, 2012 2:12 PM
To: Eran Hammer
Cc: Nat Sakimura; OAuth WG
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
On Thu, Mar 15, 2012 at 13:13, Eran Hammer e...@hueniverse.com
wrote
Hi,
Nat Sakimura started a thread on the OpenID Connect list about a
breaking change introduced by rev 2.3
The paragraph in question is in section 2.1:
A client application consisting of multiple components, each with its
own client type (e.g. a distributed client with both a confidential
: Wednesday, March 14, 2012 9:53 AM
To: OAuth WG
Cc: Breno de Medeiros
Subject: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
Hi,
Nat Sakimura started a thread on the OpenID Connect list about a breaking
change introduced by rev 2.3
The paragraph in question is in section 2.1
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Marius Scurtescu
Sent: Wednesday, March 14, 2012 9:53 AM
To: OAuth WG
Cc: Breno de Medeiros
Subject: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
Hi,
Nat Sakimura started
Scurtescu; OAuth WG
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
Can you explain to me why response_type is necessary at all after this
change.
If a javascript client (candidate for token usage) and the web server
component (candidate for code usage) cannot share
in
your reading of the text.
Hope this clarifies it.
EH
-Original Message-
From: Breno de Medeiros [mailto:br...@google.com]
Sent: Wednesday, March 14, 2012 10:16 AM
To: Eran Hammer
Cc: Marius Scurtescu; OAuth WG
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
[mailto:mscurte...@google.com]
Sent: Wednesday, March 14, 2012 11:24 AM
To: Eran Hammer
Cc: Breno de Medeiros; OAuth WG
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
Before v23 a web server client could use either response_type=code or
response_type=token, with the same client
, March 14, 2012 11:35 AM
To: Marius Scurtescu
Cc: Breno de Medeiros; OAuth WG
Subject: Re: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
You are not reading it correctly.
This is a *registration* requirement, meaning, the client has to inform the
server of the different components
[mailto:michael.jo...@microsoft.com]
Sent: Wednesday, March 14, 2012 11:42 AM
To: Eran Hammer; Marius Scurtescu
Cc: Breno de Medeiros; OAuth WG
Subject: RE: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
All of Marius, Breno, Nat, myself, and several others on the OpenID AB list
have read
Subject: RE: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
All of Marius, Breno, Nat, myself, and several others on the OpenID AB list
have read it this way. I believe that either this change needs to be removed
(my preference!) or a sentence needs to be explicitly added that states
on client type
identification.
EH
-Original Message-
From: Mike Jones [mailto:michael.jo...@microsoft.com]
Sent: Wednesday, March 14, 2012 11:42 AM
To: Eran Hammer; Marius Scurtescu
Cc: Breno de Medeiros; OAuth WG
Subject: RE: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
I am sorry, but with this language this is a different spec with
different compliance profiles and without supplying enough guidance
for creating interoperable server implementations for common
deployment models.
As I read this thread, I see two things come out clearly:
1. Eran didn't intend
Off list.
Or not so much off list. He-he.
b
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth