> -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Brian Eaton > Sent: Thursday, February 03, 2011 11:58 PM > To: Manger, James H > Cc: OAuth WG > Subject: Re: [OAUTH-WG] Bearer token type and scheme name (deadline: > 2/10) > > How do we reconcile "Bearer" with "Negotiate", "NTLM", "Basic", and > "GoogleLogin"? All of those examples are widely deployed and use bearer > tokens in Authorization headers. Should all of those switch to using the > "Bearer" scheme as well?
Basic and Digest use the same credentials, only in different ways. > Something like "Bearer" seems overly generic. Why do we think we are > qualified to claim "Bearer" for our own? We can use any name we want as long as it is not taken, and is not misleading. 'Bearer' passes this test. This is not a sexy namespace like link relations or HTML tags where everyone wants to claim a name. You define a scheme and name it. EHL > On Thu, Feb 3, 2011 at 8:24 PM, Manger, James H > <james.h.man...@team.telstra.com> wrote: > > +1 for #1 > > > > > > > > #2 is awful; #3 is unnecessary; #4 "OAuth2" just has less meaning > > than, say, "Bearer". > > > > #1 offers the cleanest separation between "using-a-token to > > authenticated a request" and "a delegation flow to authorize a client" > > which is likely to be helpful for lots of people now and in the future > > trying to get their heads around this complex space. > > > > > > > > -- > > > > James Manger > > > > > > > > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > > Of Eran Hammer-Lahav > > Sent: Thursday, 3 February 2011 7:34 PM > > To: OAuth WG > > > > Subject: [OAUTH-WG] Bearer token type and scheme name (deadline: > 2/10) > > > > > > > > After a long back-and-forth, I think it is time to present a few > > options and have people express their preferences. > > > > > > > > These are the options mentioned so far and their +/-: > > > > > > > > 1. Descriptive, non-OAuth-specific scheme names (Bearer, MAC) > > > > ... > > > > 2. Single OAuth2 scheme with sub-schemes > > > > ... > > > > 3. Name prefix (e.g. oauth2_bearer) > > > > ... > > > > 4. OAuth2 for bearer, MAC for mac > > > > ... > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
