On 4/19/10 11:01 PM, Marius Scurtescu wrote: > On Mon, Apr 19, 2010 at 9:50 PM, Dick Hardt <dick.ha...@gmail.com> wrote: >> >> On 2010-04-19, at 9:46 PM, Peter Saint-Andre wrote: >> >>> On 4/18/10 6:46 PM, Dick Hardt wrote: >>> >>>> Given the practice that the authorization endpoint and the redirect_uri >>>> can contain URI query parameters, then differentiating between >>>> application specific query parameters and OAuth protocol parameters by >>>> prefixing the OAuth parameters with oauth_ would seem a useful way to >>>> minimize conflicts. >>> >>> Can't application developers avoid conflicts by giving their parameters >>> names other than those already used in OAuth? >> >> If changing the parameters is available to them. They may be trying to >> shimmy OAuth into an existing system. > > Even if the developer can chose a parameter that is not used by OAuth > right now, he/she has no guarantee that this parameter name will not > be introduced by a future version of the spec.
True. >> I don't know how common the issue is, just pointing out why the prefix was >> there in the past. > > Yes, chances for a collision are very small, but still, well worth > using the prefix IMO. Sure, I see your point. I have no deep objections to prefixing, and it does seem as if it would make collisions less likely (although not impossible). Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
