On Tue, Jan 25, 2011 at 6:34 PM, William Mills <wmi...@yahoo-inc.com> wrote: > As I remember there was serious objection by a few to putting versioning in > the scheme name. OAuth, OAuth2, and soon we're on OAuthN+1 seemed to be the > objection. Some are passionate about it and no one was sufficiently > passionate about going with OAuth2 and some kind of token_type.
Sure, then we can use something version agnostic like "OAuth". And maybe add a version name/value pair if needed (OAuth 1 has one). > Logically token_type doesn't actually fully describe the possibilities, since > we can extend to signed requests etc that don't include a token per se. Can you give an example that make sense with OAuth? If there is no token then that's not OAuth IMO. > So... since the extensions were going to be broken out into their own specs, > I believe the thought was to have those specs define their own namespaces. > There is certainly a land grab problem there on the scheme namespace. > > I personally don't have a preference, but it does seem cleaner to me to have > an IANA style registry for the OAuth2 auth_subtype= or some such. Yes, I think that's much cleaner. Marius _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
