How do we reconcile "Bearer" with "Negotiate", "NTLM", "Basic", and
"GoogleLogin"?  All of those examples are widely deployed and use
bearer tokens in Authorization headers.  Should all of those switch to
using the "Bearer" scheme as well?

Tokens issued via OAuth will require specific validation logic, for
exactly the same reasons that all of the above examples have specific,
different validation logic.  The normal way code that needs to deal
with multiple authentication types gets written is to look at the
scheme name, and then switch out library support based on the scheme.

Something like "Bearer" seems overly generic.  Why do we think we are
qualified to claim "Bearer" for our own?

On Thu, Feb 3, 2011 at 8:24 PM, Manger, James H
<james.h.man...@team.telstra.com> wrote:
> +1 for #1
>
>
>
> #2 is awful; #3 is unnecessary; #4 “OAuth2” just has less meaning than, say,
> “Bearer”.
>
> #1 offers the cleanest separation between “using-a-token to authenticate a
> request” and “a delegation flow to authorize a client” which is likely to be
> helpful for lots of people now and in the future trying to get their heads
> around this complex space.
>
>
>
> --
>
> James Manger
>
>
>
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
> Eran Hammer-Lahav
> Sent: Thursday, 3 February 2011 7:34 PM
> To: OAuth WG
>
> Subject: [OAUTH-WG] Bearer token type and scheme name (deadline: 2/10)
>
>
>
> After a long back-and-forth, I think it is time to present a few options and
> have people express their preferences.
>
>
>
> These are the options mentioned so far and their +/-:
>
>
>
> 1. Descriptive, non-OAuth-specific scheme names (Bearer, MAC)
>
> …
>
> 2. Single OAuth2 scheme with sub-schemes
>
> …
>
> 3. Name prefix (e.g. oauth2_bearer)
>
> …
>
> 4. OAuth2 for bearer, MAC for mac
>
> …
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
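
The scheme-based dispatch described in the reply above ("look at the scheme name, and then switch out library support based on the scheme"), as an added example that is not part of the original e-mail or of any OAuth library. The validator names, the constructed token and password stores, and the choice to reject unregistered schemes are assumptions of this sketch.

```python
import base64
import binascii
import hmac

# Constructed stores for this example; a real service would call its token
# introspection or password-verification backend instead.
BEARER_TOKENS = {"tok-constructed-123": "alice"}
BASIC_USERS = {"bob": "constructed-password"}

def validate_bearer(credentials):
    # An opaque token is looked up exactly as presented.
    return BEARER_TOKENS.get(credentials)

def validate_basic(credentials):
    # Basic carries base64("user:password"), so it needs its own decoding step.
    try:
        decoded = base64.b64decode(credentials, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    expected = BASIC_USERS.get(user)
    if sep and expected is not None and hmac.compare_digest(
            expected.encode(), password.encode()):
        return user
    return None

# Scheme name -> validator. Schemes not registered here are rejected.
VALIDATORS = {"bearer": validate_bearer, "basic": validate_basic}

def basic_header(user, password):
    # Helper that builds a constructed Basic header value for the demo.
    raw = (user + ":" + password).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def authenticate(header_value):
    """Return (scheme, principal) or raise ValueError."""
    scheme, _, credentials = header_value.strip().partition(" ")
    credentials = credentials.strip()
    validator = VALIDATORS.get(scheme.lower())  # scheme match is case-insensitive
    if validator is None:
        raise ValueError("unsupported scheme: %r" % scheme)
    principal = validator(credentials) if credentials else None
    if principal is None:
        raise ValueError("credentials rejected for scheme %r" % scheme)
    return scheme.lower(), principal

if __name__ == "__main__":
    print(authenticate("Bearer tok-constructed-123"))
    print(authenticate(basic_header("bob", "constructed-password")))
```

The same credential string is accepted under one scheme and rejected under another, because the scheme name alone selects the validation logic.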