Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions

"Richer, Justin P." <jricher@mitre.org> Mon, 17 October 2011 02:19 UTC

From: "Richer, Justin P." <jricher@mitre.org>
To: John Bradley <ve7jtb@ve7jtb.com>, Eran Hammer-Lahav <eran@hueniverse.com>
Date: Mon, 17 Oct 2011 02:19:09 +0000
Cc: OAuth WG <oauth@ietf.org>

I think the limit makes sense, but then are tokens limited by the same rules? They need to live in all the same places (query parameters, headers, forms) that scopes do and would be subject to the same kinds of encoding woes that scopes will. Or am I missing something obvious as to why this isn't a problem for tokens (both bearer tokens and the public part of MAC tokens) but is a problem for scope strings?

 -- Justin
________________________________________
From: oauth-bounces@ietf.org [oauth-bounces@ietf.org] on behalf of John Bradley [ve7jtb@ve7jtb.com]
Sent: Sunday, October 16, 2011 8:11 PM
To: Eran Hammer-Lahav
Cc: OAuth WG
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions

Restricting it now in the core spec is going to save a lot of headaches later.

John B.
On 2011-10-16, at 3:54 PM, Eran Hammer-Lahav wrote:

> It's an open question for the list.
>
> EHL
>
>> -----Original Message-----
>> From: Julian Reschke [mailto:julian.reschke@gmx.de]
>> Sent: Sunday, October 16, 2011 11:00 AM
>> To: Mike Jones
>> Cc: Tschofenig, Hannes (NSN - FI/Espoo); Hannes Tschofenig; OAuth WG;
>> Eran Hammer-Lahav
>> Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues &
>> Proposed Resolutions
>>
>> On 2011-10-16 18:44, Mike Jones wrote:
>>> As Eran wrote on 9/30, "The fact that the v2 spec allows a wide range of
>>> characters in scope was unintentional. The design was limited to allow simple
>>> ASCII strings and URIs."
>>> ...
>>
>> I see. Thanks.
>>
>> Is this going to be clarified in -23?
>>
>> Best regards, Julian
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
