FWIW, I agree with Brian - it should say OAuth somewhere, because it's an OAuth token. My vote would be for OAuth2 for bearer tokens, and OAuth2Signed for MAC tokens, for all the backward-compatibility issues with oauth_bearer, etc.
Dirk. On Fri, Feb 4, 2011 at 12:07 AM, Eran Hammer-Lahav <e...@hueniverse.com>wrote: > > > -----Original Message----- > > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > > Of Brian Eaton > > Sent: Thursday, February 03, 2011 11:58 PM > > To: Manger, James H > > Cc: OAuth WG > > Subject: Re: [OAUTH-WG] Bearer token type and scheme name (deadline: > > 2/10) > > > > How do we reconcile "Bearer" with "Negotiate", "NTLM", "Basic", and > > "GoogleLogin"? All of those examples are widely deployed and use bearer > > tokens in Authorization headers. Should all of those switch to using the > > "Bearer" scheme as well? > > Basic and Digest use the same credentials, only in different ways. > > > Something like "Bearer" seems overly generic. Why do we think we are > > qualified to claim "Bearer" for our own? > > We can use any name we want as long as it is not taken, and is not > misleading. 'Bearer' passes this test. This is not a sexy namespace like > link relations or HTML tags where everyone wants to claim a name. You define > a scheme and name it. > > EHL > > > On Thu, Feb 3, 2011 at 8:24 PM, Manger, James H > > <james.h.man...@team.telstra.com> wrote: > > > +1 for #1 > > > > > > > > > > > > #2 is awful; #3 is unnecessary; #4 "OAuth2" just has less meaning > > > than, say, "Bearer". > > > > > > #1 offers the cleanest separation between "using-a-token to > > > authenticated a request" and "a delegation flow to authorize a client" > > > which is likely to be helpful for lots of people now and in the future > > > trying to get their heads around this complex space. > > > > > > > > > > > > -- > > > > > > James Manger > > > > > > > > > > > > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > > > Of Eran Hammer-Lahav > > > Sent: Thursday, 3 February 2011 7:34 PM > > > To: OAuth WG > > > > > > Subject: [OAUTH-WG] Bearer token type and scheme name (deadline: > > 2/10) > > > > > > > > > > > > After a long back-and-forth, I think it is time to present a few > > > options and have people express their preferences. > > > > > > > > > > > > These are the options mentioned so far and their +/-: > > > > > > > > > > > > 1. Descriptive, non-OAuth-specific scheme names (Bearer, MAC) > > > > > > ... > > > > > > 2. Single OAuth2 scheme with sub-schemes > > > > > > ... > > > > > > 3. Name prefix (e.g. oauth2_bearer) > > > > > > ... > > > > > > 4. OAuth2 for bearer, MAC for mac > > > > > > ... > > > > > > _______________________________________________ > > > OAuth mailing list > > > OAuth@ietf.org > > > https://www.ietf.org/mailman/listinfo/oauth > > > > > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
