I fully agree with Yaron. My preference for x-www-form-urlencoded is slight, and mostly because I haven't seen a compelling reason to change. I'm fine with choosing JSON (or even XML) as long as there is one format.
On Fri, Apr 30, 2010 at 10:02 AM, Yaron Goland <yar...@microsoft.com> wrote: > I actually have a preference for application/x-www-form-urlencoded but it's > not overwhelming, the key thing I believe we need to do is have exactly one > request/response format. In other words, I don't believe we should use one > format for requests and another for responses. Just pick one for both. > Thanks, > Yaron > > > -----Original Message----- > > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > > Of Torsten Lodderstedt > > Sent: Friday, April 30, 2010 2:00 AM > > To: Brian Eaton > > Cc: oauth@ietf.org > > Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON > > (Proposal) > > > > > > Zitat von Brian Eaton <bea...@google.com>: > > > > > On Thu, Apr 29, 2010 at 2:40 PM, Mike Moore <blowm...@gmail.com> > > wrote: > > >> On Thu, Apr 29, 2010 at 2:49 PM, Yaron Goland <yar...@microsoft.com> > > wrote: > > >>> > > >>> Can we please just have one format, not 3? The more choices we give > > >>> the more interoperability suffers. > > > > > > Yes. The number of parsers needed to make a working system is > > > important. The spec has too many already. > > > > > > I'd like to see authorization servers returning JSON or XML, since > > > that's what the resource servers are doing. > > > > > > ...and given a choice between JSON and XML, I'd pick JSON. > > > > > > > I agree. At Deutsche Telekom, we try to align our authorization APIs with > the > > APIs provided by the resource servers. Authorization is "just" a small, > but > > important, portion of the overall process and aligning it with the rest > > increases acceptance and decreases error rate. > > > > None of the APIs we provide uses form encoding, most of them use JSON, > > some XML. > > Based on that observation I would like to see at least JSON support in > OAuth. > > So JSON as the only would be fine with me. > > > > My proposal is based on the observation that the WG did not come to a > > consensus about the one and only format. > > > > I have collected the following opinions from the thread: > > > > pro additional support for JSON and XML - Marius Scurtescu, John Jawed, > > Richard Barnes, Brian Eaton, Torsten Lodderstedt pro additional support > for > > JSON - Dick Hardt (initiated the thread), Joseph Smarr still support > > application/x-www-form-urlencoded (unclear whether > > exclusively) - David Recordon, Gaurav Rastogi one format only (preference > > unclear) - Yaron Goland JSON as the only format (if forced to decide for > a > > single format) - Brian Eaton, Torsten Lodderstedt JSON as the only format > - > > James Manger, Robert Sayre application/x-www-form-urlencoded as the > > only format - Mike Moore JSON for responses as well - Marius Scurtescu > > > > Here are some representative comments from the thread: > > > > Joseph Smarr - "JSON is already widely supported (presumably including by > > most APIs that you're building OAuth support to be able to access!" > > > > David Recordon - "it's drastically more complex for environments (like > > embedded hardware) which doesn't support JSON." > > > > Paul C. Bryan - "I'm struggling to imagine hardware that on the one hand > > would support OAuth, but on the other would be incapable of supporting > > JSON..." > > > > Gaurav Rastogi - "There are enough number of small embedded software > > stack where JSON is not an option." > > > > So we have at least 9 votes pro JSON, but also 1 vote for > application/x-www- > > form-urlencoded only. > > > > How shall we proceed? Can we come to a consensus? > > > > regards, > > Torsten. > > > > > Cheers, > > > Brian > > > _______________________________________________ > > > OAuth mailing list > > > OAuth@ietf.org > > > https://www.ietf.org/mailman/listinfo/oauth > > > > > > > > > > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
