On 10/06/11 23:17, Eran Hammer-Lahav wrote:
> Extensibility in authentication schemes is a bad thing, given how they are 
> deployed and the difficulty of changing them. No existing authentication 
> scheme is extensible (explicitly).

Maybe that statement is a tad too general? [1]

S.

[1] http://tools.ietf.org/html/rfc3748


> 
> EHL
> 
>> -----Original Message-----
>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
>> Of Marius Scurtescu
>> Sent: Friday, June 10, 2011 10:39 AM
>> To: John Kemp
>> Cc: paul Tarjan; OAuth WG
>> Subject: Re: [OAUTH-WG] consistency of token param name in bearer token
>> type
>>
>> On Fri, Jun 10, 2011 at 9:34 AM, John Kemp <j...@jkemp.net> wrote:
>>> George,
>>>
>>> On Jun 10, 2011, at 4:11 PM, George Fletcher wrote:
>>>
>>>> I definitely don't want to change the Authorization header naming
>>>> scheme. I believe it should stay 'Bearer' because that's what the token is.
>>>> We could make it...
>>>>
>>>> Authorization: Bearer access_token=vF9dft4qmT
>>>>
>>>> If that helps with consistency.
>>>
>>> Well, it might seem more consistent, but I'm not sure it's worthwhile to
>>> make the change just for that reason.
>>>
>>> Is it possible that the Bearer HTTP mechanism would ever take multiple
>>> parameters? In which case, having the ability to name the parameters of the
>>> Bearer mechanism might become more interesting.
>>
>> Hard to say, but using a proper name/value pair has several advantages:
>> - permits extensibility
>> - no need to limit or define character set of access tokens (name is either
>> "token" or "quoted string")
>> - HTTP header parsers can properly deal with name/value pairs
>>
>> If we make changes to the GET/POST parameter name then I think we
>> should also consider the header as well.
>>
>> Marius
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
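
Added example, not part of the thread and not code from any OAuth draft: a Python parser that accepts both the bare `Bearer vF9dft4qmT` form and the `access_token=` name/value form discussed above, to show what each of the listed advantages means for a header parser. The function name, the RFC 2617-style auth-param grammar subset, the bare-token alphabet and the choice to reject duplicate names are assumptions made for illustration.

```python
import re

# Assumed grammar subset, in the style of RFC 2617 auth-params:
#   credentials = scheme SP ( bare-token / auth-param *( "," auth-param ) )
#   auth-param  = name "=" ( token / quoted-string )
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
PARAM = re.compile(rf"\s*({TOKEN})\s*=\s*({TOKEN}|{QUOTED})\s*(?:,|$)")
# The bare form only works if the token alphabet is restricted up front.
BARE = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def parse_authorization(value):
    """Return (scheme, params) for an Authorization header value.

    A bare credential is stored under the key None so the caller can tell
    which form the client sent. Raises ValueError on malformed input.
    """
    scheme, sep, rest = value.strip().partition(" ")
    rest = rest.strip()
    if not sep or not rest:
        raise ValueError("missing credentials")
    if BARE.fullmatch(rest):
        return scheme, {None: rest}
    params, pos = {}, 0
    while pos < len(rest):
        m = PARAM.match(rest, pos)
        if not m:
            raise ValueError(f"malformed auth-param at offset {pos}")
        name, raw = m.group(1).lower(), m.group(2)
        if name in params:
            # Two values for one name are ambiguous; refuse rather than pick one.
            raise ValueError(f"duplicate parameter {name!r}")
        if raw.startswith('"'):
            raw = re.sub(r"\\(.)", r"\1", raw[1:-1])  # drop quotes, unescape
        params[name] = raw
        pos = m.end()
    return scheme, params


if __name__ == "__main__":
    # Constructed sample headers; "x_ext" is a made-up extension parameter.
    for sample in ("Bearer vF9dft4qmT",
                   "Bearer access_token=vF9dft4qmT",
                   'Bearer access_token="tok en,with/odd chars"',
                   "Bearer access_token=vF9dft4qmT, x_ext=1"):
        print(sample, "->", parse_authorization(sample))
```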
