As I remember there was serious objection by a few to putting versioning in the 
scheme name.  OAuth, OAuth2, and soon we're on OAuthN+1 seemed to be the 
objection.  Some are passionate about it and no one was sufficiently passionate 
about going with OAuth2 and some kind of token_type.

Logically token_type doesn't actually fully describe the possibilities, since 
we can extend to signed requests etc that don't include a token per se.

So...  since the extensions were going to be broken out into their own specs, I 
believe the thought was to have those specs define their own namespaces.  There 
is certainly a land grab problem there on the scheme namespace.

I personally don't have a preference, but it does seem cleaner to me to have an 
IANA style registry for the OAuth2 auth_subtype= or some such.

-bill

> -----Original Message-----
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Marius Scurtescu
> Sent: Tuesday, January 25, 2011 6:26 PM
> To: Mike Jones
> Cc: OAuth WG
> Subject: Re: [OAUTH-WG] Bear token scheme name
> 
> On Wed, Jan 19, 2011 at 10:10 AM, Mike Jones
> <michael.jo...@microsoft.com> wrote:
> > I'd like a sense from the working group whether others want this
> change, and
> > if so, what the name should be changed to.
> 
> Probably this was debated, but I will ask again.
> 
> Why can't we use "OAuth2" as the scheme in all cases and require a
> token_type name/value pair?
> 
> Is it wise to dump lots of new schemes in a name space we do not
> control?
> 
> Marius
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to