>> This is mostly fine, but I am wondering if the ACAP vendor name registry (RFC >> 6075), the OID vendor names, or DNS names can be recommended for the >> prefix (to satisfy the "SHOULD be prefixed by an identifying name when >> possible" requirement)? ... > The main reason for allowing this kind of extensibility is to align the > protocol > with common practice which is to add vendor specific parameters without > registration. Expecting vendors (and there are going to be hundreds of > them, unlike the handful of companies in the ACAP registry) to follow > another registry (especially one like ACAP) is just not practical for this > particular use case. > > Also, given that we are talking about URI query parameters which tend > to be short, using DNS names is unlikely to win much adoption. Reality > is, there are already plenty of such parameters deployed with OAuth > 1.0 and 2.0 drafts.
Makes sense. > I would like to ask the chairs to close this issue with no additional changes. I think that's right. Alexey, any further objection or comment? Barry, as chair _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
