On Thu, Jul 1, 2010 at 9:35 AM, Eran Hammer-Lahav <e...@hueniverse.com> wrote:
> Hi Rob,
>
>> -----Original Message-----
>> From: Rob Richards [mailto:rricha...@cdatazone.org]
>> Sent: Thursday, July 01, 2010 3:26 AM
>> To: OAuth WG (oauth@ietf.org); Eran Hammer-Lahav
>> Subject: Versioning
>>
>> Versioning is still something that needs to be addressed before being
>> able to consider the draft core complete.
>
> Versioning rarely works because when you define it, you have no idea what the
> requirements will be for the next version. A good example is the OAuth 1.0
> version parameter. When we worked to revise 1.0 into 1.0a, we had a long
> debate on changing the protocol version number. We had a hard time agreeing
> on what the version meant and what was it a version *of*: the signature
> method or the token flow.
>
> If this protocol will require significant changes in the future that go
> beyond its extensibility support, such a new version will need to use
> different endpoints (token or end-user authorization) and/or different HTTP
> authentication scheme.

I don't think the authz server endpoints are an issue, but the protected resources. The auth scheme is very generic, "Token". So either the scheme should be more specific, like "OAuth2", or a version should be added as a parameter. Maybe a token type as Dick suggested.

Marius