On Jul 15, 2010, at 9:07 AM, Eran Hammer-Lahav wrote: > I would like people to raise their hand and explain how this will break > actual 1.0 deployments.
What happens if a 1.0 client receives a WWW-Authenticate header from a 2.0 protected resource with the 'OAuth' mechanism specified? Might it then attempt OAuth 1 with a 2.0 token service (and thus just fail without being able to know what went wrong)? - johnk > > EHL > > > > On Jul 15, 2010, at 1:38, Brian Eaton <bea...@google.com> wrote: > >> Draft 10 switched from "Token" scheme in the authorization header to >> "OAuth". I'd rather we didn't reuse OAuth. 'OAuth2' would be great. >> "Token" is ugly as sin, but is better than "OAuth". >> >> Spec section: http://tools.ietf.org/html/draft-ietf-oauth-v2-10#page-30 >> >> The problem with reusing "OAuth" is that there are existing >> implementations in the wild that have special behavior implemented for >> OAuth authorization headers. Since OAuth2 headers don't have the same >> semantics, we're going to break those implementations. We shouldn't >> reuse "OAuth" for the same reasons we shouldn't reuse "Negotiate", >> "NTLM", "Digest", or "Basic. >> >> Cheers, >> Brian >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
