> -----Original Message----- > From: Brian Eaton [mailto:bea...@google.com] > Sent: Thursday, April 22, 2010 11:48 AM > On Thu, Apr 22, 2010 at 11:39 AM, John Kemp <j...@jkemp.net> wrote: > > I agree that 'scope' is something that many SPs want. If they don't > > want it roughly the same way though (something more than a "bucket of > > opaque strings with a standard > > name") I don't know if I understand the point to standardizing it. > > Well, we've moved from "opaque string" to "bucket of opaque strings".
And that's where we should stop. That's as far as required given the way scope is widely used today. > And from there, we could in theory move to "bucket of opaque strings that > represent privileges, and well defined ways of dropping those privileges". We only need to make sure not to prevent it. We should not specify something that is too limited to begin with. I don't think we have. > This is hand-wavy, but the main reason I see to standardize a scope > parameter is that it helps developers with a consistent mental model of how > service providers work. It also helps new service providers be consistent > with the way previous APIs have been built. If that is all you want to accomplish we can describe such a mechanism without naming a parameter. What you are describing is prose, not normative language. EHL _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
