As I remember there was serious objection by a few to putting versioning in the scheme name. OAuth, OAuth2, and soon we're on OAuthN+1 seemed to be the objection. Some are passionate about it and no one was sufficiently passionate about going with OAuth2 and some kind of token_type.
Logically token_type doesn't actually fully describe the possibilities, since we can extend to signed requests etc that don't include a token per se. So... since the extensions were going to be broken out into their own specs, I believe the thought was to have those specs define their own namespaces. There is certainly a land grab problem there on the scheme namespace. I personally don't have a preference, but it does seem cleaner to me to have an IANA style registry for the OAuth2 auth_subtype= or some such. -bill > -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Marius Scurtescu > Sent: Tuesday, January 25, 2011 6:26 PM > To: Mike Jones > Cc: OAuth WG > Subject: Re: [OAUTH-WG] Bear token scheme name > > On Wed, Jan 19, 2011 at 10:10 AM, Mike Jones > <michael.jo...@microsoft.com> wrote: > > I'd like a sense from the working group whether others want this > change, and > > if so, what the name should be changed to. > > Probably this was debated, but I will ask again. > > Why can't we use "OAuth2" as the scheme in all cases and require a > token_type name/value pair? > > Is it wise to dump lots of new schemes in a name space we do not > control? > > Marius > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth