On 2010-04-19, at 9:25 AM, Eran Hammer-Lahav wrote:
> 2. Server requires authentication
>
> HTTP/1.1 401 Unauthorized
> WWW-Authenticate: Token realm='Example', scope='x2'

Can more than one scope be returned? Is it a comma-delimited list?

I wonder how much value this will provide. (I like the idea, but teasing out the implications.)

Imagine we have a resource that can have READ or WRITE access granted. An unauthenticated GET on the resource could return the scope URI needed for READ, an unauthenticated PUT on the resource could return the scope URI for WRITE. What if you want to both do READs and WRITEs? There may be another scope that is READ/WRITE.

READ and WRITE are pretty common capabilities, but one can imagine much more complex capabilities at resources. The exact semantics to the resource are likely going to be very contextual. Given that, returning a single scope value if that is all that makes sense to the resource will likely address many use cases. (+1 to Eran's proposal given all the other factors)

-- Dick

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth