Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

2010-06-25 Thread Tschofenig, Hannes (NSN - FI/Espoo)
; Dick Hardt Cc: OAuth WG Subject: RE: [OAUTH-WG] Scope :: Was: Extensibility for OAuth? I'm in favor of having a spaces separated list of tokens. The only case I can think of where the client needs to handle the scope as anything other than opaque is when it is accessing multiple services

Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

2010-06-25 Thread Justin Richer
Rosenstock; Dick Hardt Cc: OAuth WG Subject: RE: [OAUTH-WG] Scope :: Was: Extensibility for OAuth? I'm in favor of having a spaces separated list of tokens. The only case I can think of where the client needs to handle the scope as anything other than opaque is when

Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

2010-06-25 Thread Blaine Cook
); ext Lukas Rosenstock; Dick Hardt Cc: OAuth WG Subject: RE: [OAUTH-WG] Scope :: Was: Extensibility for OAuth? I'm in favor of having a spaces separated list of tokens. The only case I can think of where the client needs to handle the scope as anything other than opaque is when

Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

2010-06-25 Thread Dick Hardt
, June 24, 2010 8:15 PM To: Tschofenig, Hannes (NSN - FI/Espoo); ext Lukas Rosenstock; Dick Hardt Cc: OAuth WG Subject: RE: [OAUTH-WG] Scope :: Was: Extensibility for OAuth? I'm in favor of having a spaces separated list of tokens. The only case I can think of where the client needs

Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

2010-06-25 Thread Dick Hardt
To: Tschofenig, Hannes (NSN - FI/Espoo); ext Lukas Rosenstock; Dick Hardt Cc: OAuth WG Subject: RE: [OAUTH-WG] Scope :: Was: Extensibility for OAuth? I'm in favor of having a spaces separated list of tokens. The only case I can think of where the client needs to handle the scope as anything other than

Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

2010-06-25 Thread Luke Shepard
: [OAUTH-WG] Scope :: Was: Extensibility for OAuth? I'm in favor of having a spaces separated list of tokens. The only case I can think of where the client needs to handle the scope as anything other than opaque is when it is accessing multiple services. To reduce the numebr of login events

Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

2010-06-25 Thread Eran Hammer-Lahav
: [OAUTH-WG] Scope :: Was: Extensibility for OAuth? I agree with Dick that the scope should remain out of scope for OAuth. ;-) Having a shared parameter here gives the illusion of interoperability, but because there's no common understanding of permissible scopes, there's no way to guarantee

Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

2010-06-25 Thread Dick Hardt
Subject: Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth? To clarify, the goal is to reserve a namespace for future use so that near term implementations won't collide? I expect the standardization of scope values to not be in OAuth, but in standardized APIs that use OAuth, so

Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

2010-06-25 Thread Eran Hammer-Lahav
That's coming in -09. EHL -Original Message- From: Dick Hardt [mailto:dick.ha...@gmail.com] Sent: Friday, June 25, 2010 11:19 AM To: Eran Hammer-Lahav Cc: Tschofenig, Hannes (NSN - FI/Espoo); OAuth WG Subject: Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth? I'm ok

Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

2010-06-25 Thread Justin Hart
: Friday, June 25, 2010 8:50 AM To: Tschofenig, Hannes (NSN - FI/Espoo) Cc: OAuth WG Subject: Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth? To clarify, the goal is to reserve a namespace for future use so that near term implementations won't collide? I expect the standardization

Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

2010-06-24 Thread Lukas Rosenstock
Wasn't there some concensus that URIs would be good for scope? They have in-built namespacing ... Lukas 2010/6/23 Dick Hardt dick.ha...@gmail.com: On 2010-06-22, at 11:07 PM, Tschofenig, Hannes (NSN - FI/Espoo) wrote:   scope         OPTIONAL.  The scope of the access request expressed as

Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

2010-06-24 Thread Tschofenig, Hannes (NSN - FI/Espoo)
-Original Message- From: ext Lukas Rosenstock [mailto:l...@lukasrosenstock.net] Sent: Thursday, June 24, 2010 10:49 AM To: Dick Hardt Cc: Tschofenig, Hannes (NSN - FI/Espoo); OAuth WG Subject: Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth? Wasn't there some concensus that URIs

Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

2010-06-24 Thread Justin Richer
I recall there being consensus on the space delimiter to make it so that URIs could be used easily as scope parameters. I know that I, personally, would rather have keywords in our implementation than URIs, so I'm very much in favor of keeping it unspecified. -- justin On Thu, 2010-06-24 at

Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

2010-06-24 Thread Dick Hardt
10:49 AM To: Dick Hardt Cc: Tschofenig, Hannes (NSN - FI/Espoo); OAuth WG Subject: Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth? Wasn't there some concensus that URIs would be good for scope? They have in-built namespacing ... Lukas 2010/6/23 Dick Hardt dick.ha...@gmail.com

Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth?

2010-06-24 Thread William Mills
-boun...@ietf.org] On Behalf Of Tschofenig, Hannes (NSN - FI/Espoo) Sent: Thursday, June 24, 2010 3:58 AM To: ext Lukas Rosenstock; Dick Hardt Cc: OAuth WG Subject: Re: [OAUTH-WG] Scope :: Was: Extensibility for OAuth? The question is whether one would ever want to have a standardized

[OAUTH-WG] Scope :: Was: Extensibility for OAuth?

2010-06-23 Thread Dick Hardt
On 2010-06-22, at 11:07 PM, Tschofenig, Hannes (NSN - FI/Espoo) wrote: scope OPTIONAL. The scope of the access request expressed as a list of space-delimited strings. The value of the scope parameter is defined by the authorization server. If the value contains