>> Existing practice is that simple ASCII strings like "email" "profile", >> "openid", etc. are used as scope elements. Â Requiring them to be URIs >> would break most existing practice. > > Constraining syntax to an ascii token OR a URI (relative reference) might > work. Â Anything with a colon can be interpreted as a URI; anything without > better use a constrained set of characters.
This sounds like a good compromise. URI encoding is already specified elsewhere, and then ASCII tokens can be limited as they already are, with no encoding. Are there any objections to this approach? Barry _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
