This is a correct observation but I am not sure if it would be useful to change
the definition. The current definition isn't wrong, just (sometimes)
incomplete. An OAuth client is an HTTP client speaking OAuth, but for the
purpose of obtaining a token using the callback flow, it also has to have HTTP
server capabilities. I don't think that voids the current definition.
I'll tweak the wording specific to the callback flow.
EHL
On 4/1/10 8:14 AM, "Zachary Zeltsan" <zachary.zelt...@alcatel-lucent.com> wrote:
Eran,
The progress is good indeed.
I believe that the following comment on the draft applies also to some previous
versions of OAuth specifications.
In my opinion, the description of step A of the Web Callback Flow implies that
a client
is an HTTP server:
(A) The web client initiates the flow by redirecting the end user's
user-agent to the authorization endpoint ...
(If it is the HTTP redirection, then the client has to be an HTTP server).
If an OAuth client has to be an HTTP server in order to participate in OAuth
flow, then the draft's definition of client appears to be incomplete:
client
An HTTP client capable of making authenticated requests for
protected resources using the OAuth protocol
Should not the definition reflect the fact that client has to be also an HTTP
server (which appears to be the case at least for the Web Callback Flow)?
Zachary
-----Original Message-----
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran
Hammer-Lahav
Sent: Wednesday, March 31, 2010 9:22 PM
To: OAuth WG
Subject: [OAUTH-WG] Draft progress update
I'm making good progress working off David's draft and bringing text from
WRAP into it, as well as from OAuth 1.0a, and my token auth proposal. So far
it is largely in line with David's proposal and the majority of changes are
purely editorial.
The only significant change I have made (which is of course open to debate)
is renaming all the authorization flows parameters. I dropped the oauth_
prefix (no real need since these are purely OAuth endpoints, not protected
resources), and made most of the parameter names shorter. I am not done so
they are not consistent yet.
You can follow my progress (changes every few hours) at:
http://github.com/theRazorBlade/draft-ietf-oauth/raw/master/draft-ietf-oauth
.txt
Please feel free to comment on anything you like or dislike. I will publish
the whole thing as an I-D once it is feature complete for the WG to discuss
before we promote this to a WG draft.
I hope to be done with the initial draft by middle of next week (I'll be
flying most of Fri-Sat so no progress over the weekend).
EHL
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
