I meant HTTP authentication scheme (given the topic, that was implied). EHL
> -----Original Message----- > From: Stephen Farrell [mailto:stephen.farr...@cs.tcd.ie] > Sent: Saturday, June 11, 2011 5:12 AM > To: Eran Hammer-Lahav > Cc: Marius Scurtescu; John Kemp; paul Tarjan; OAuth WG > Subject: Re: [OAUTH-WG] consistency of token param name in bearer token > type > > > > On 10/06/11 23:17, Eran Hammer-Lahav wrote: > > Extensibility in authentication schemes is a bad thing, given how they are > deployed and the difficulty of changing them. No existing authentication > scheme is extensible (explicitly). > > Maybe that statement is a tad too general? [1] > > S. > > [1] http://tools.ietf.org/html/rfc3748 > > > > > > EHL > > > >> -----Original Message----- > >> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On > >> Behalf Of Marius Scurtescu > >> Sent: Friday, June 10, 2011 10:39 AM > >> To: John Kemp > >> Cc: paul Tarjan; OAuth WG > >> Subject: Re: [OAUTH-WG] consistency of token param name in bearer > >> token type > >> > >> On Fri, Jun 10, 2011 at 9:34 AM, John Kemp <j...@jkemp.net> wrote: > >>> George, > >>> > >>> On Jun 10, 2011, at 4:11 PM, George Fletcher wrote: > >>> > >>>> I definitely don't want to change the Authorization header naming > >> scheme. I believe it should stay 'Bearer' because that's what the > >> token is. We could make it... > >>>> > >>>> Authorization: Bearer access_token=vF9dft4qmT > >>>> > >>>> If that helps with consistency. > >>> > >>> Well, it might seem more consistent, but I'm not sure it's > >>> worthwhile to > >> make the change just for that reason. > >>> > >>> Is it possible that the Bearer HTTP mechanism would ever take > >>> multiple > >> parameters? In which case, having the ability to name the parameters > >> of the Bearer mechanism might become more interesting. > >> > >> Hard to say, but using a proper name/value pair has several advantages: > >> - permits extensibility > >> - no need to limit or define character set of access tokens (name is > >> either "token" or "quoted string") > >> - HTTP header parsers can properly deal with name/value pairs > >> > >> If we make changes to the GET/POST parameter name then I think we > >> should also consider the header as well. > >> > >> Marius > >> _______________________________________________ > >> OAuth mailing list > >> OAuth@ietf.org > >> https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
