I've been reading this with much interest, but I am getting hopelessly lost because of the usage of the word API. Somehow, to me -- for many years -- it meant the format of procedure calls, or, more generally, procedure signatures in standard libraries.

I remember David at the last meeting clarified to me that by "API" he meant HTTP headers. I don't mind broadening the term, but do we have a definition for it?

Igor

Marius Scurtescu wrote:
On Tue, Apr 6, 2010 at 2:42 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote:
The question is how your APIs are structured. Do you have APIs that require
multiple “scopes” in a single call?

Things can get even more complicated. When the user grants access for
the client, the approval page should list all the scopes the client is
requesting. This is the set of scopes needed by the client for *all*
the API calls. Each API will need a subset of this approved, larger
set.

With that in mind, it would be useful to be able to down-scope access
tokens when using the refresh token, this way the client can send the
smallest set of scopes with each API call.

But again, for all the above, the client must have intimate knowledge
of the APIs (aka protected resources) and what scopes are required,
the OAuth 2.0 libraries used by the client can treat the scopes as
opaque strings IMO.

Marius

EHL


On 4/6/10 8:29 AM, "Luke Shepard" <lshep...@facebook.com> wrote:

For Facebook at least, we are currently planning to use scope as a
comma-separated list of permissions from this set:
http://wiki.developers.facebook.com/index.php/Extended_permissions

For instance:

        oauth_scope=read_stream,email,photo_upload

I'm not sure if that maps to realm exactly.

On Apr 6, 2010, at 8:03 AM, Dick Hardt wrote:

On 2010-04-06, at 12:16 AM, Eran Hammer-Lahav wrote:


On 4/2/10 3:27 PM, "Dick Hardt" <dick.ha...@gmail.com> wrote:

There are times when a resource may have different scope for different kinds
of access. realm != scope
No. Realm is a subset. It is what people define as the protected segment
name.
Different Protected Resources could require the same scope, so I see realm
and scope as being orthogonal.

For any other scope attribute we need to first define it.
Why? Scope will often be application specific.

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

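To make the thread's two points concrete, that the consent page approves the union of scopes all API calls need while each call needs only a subset, and that a refresh may narrow but never widen that set, here is an added example; it is not code from the list or from any participant. It assumes comma-separated opaque scope strings as in Luke's message, and the API names and scope sets are constructed.

```python
"""Scope handling illustration (added example, not mailing-list code).

Assumptions: scopes are opaque strings split on commas; the set approved
on the consent page is the union of what every API call needs; a refresh
may only narrow that set; each protected resource checks for its subset."""

# Constructed example: the scopes the user approved at grant time.
GRANTED = frozenset({"read_stream", "email", "photo_upload"})

# Constructed example: the subset each protected resource (API) requires.
REQUIRED_BY_API = {
    "GET /me/feed": frozenset({"read_stream"}),
    "POST /me/photos": frozenset({"photo_upload"}),
    "GET /me": frozenset({"email"}),
    "POST /me/feed": frozenset({"read_stream", "publish_stream"}),
}


def parse_scope(scope: str) -> frozenset:
    """Split a comma-separated scope value into a set of opaque strings,
    ignoring empty items so 'a,,b' and 'a,b' mean the same thing."""
    return frozenset(s.strip() for s in scope.split(",") if s.strip())


def down_scope(granted: frozenset, requested: str) -> frozenset:
    """Issue a narrower access token during refresh.  The requested set
    must be a subset of what the user originally approved; anything
    beyond it is an escalation and is refused."""
    wanted = parse_scope(requested)
    if not wanted:
        return granted  # no scope parameter: keep the full grant
    if not wanted <= granted:
        raise PermissionError(f"scope escalation: {sorted(wanted - granted)}")
    return wanted


def resource_allows(api: str, token_scope: frozenset) -> bool:
    """Resource-server check: the token must carry every scope the API
    needs.  Unknown APIs are denied by default."""
    needed = REQUIRED_BY_API.get(api)
    return needed is not None and needed <= token_scope


if __name__ == "__main__":
    narrow = down_scope(GRANTED, "read_stream")
    print(resource_allows("GET /me/feed", narrow))     # True
    print(resource_allows("POST /me/photos", narrow))  # False
```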
