Are quotes a problem? I think it's simpler if we leave them out.
________________________________
From: Eran Hammer-Lahav <e...@hueniverse.com>
To: William Mills <wmi...@yahoo-inc.com>; "Thomson, Martin"
<martin.thom...@commscope.com>; Mike Jones <michael.jo...@microsoft.com>;
Marius Scurtescu <mscurte...@google.com>; Phil Hunt <phil.h...@oracle.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Sent: Wednesday, October 5, 2011 10:28 AM
Subject: RE: [OAUTH-WG] Possible alternative resolution to issue 26
It should be much simpler than that. The v2 spec should simply limit the
character set to printable ascii with special meaning for space. Beyond that,
these are just ascii strings which can be URIs or anything else. If the server
choose to use these strings with some internal meaning (i.e. URI or encoded
data), it should specify how normalization may occure.
But the point is, these are meant to be opaque, space-delimited string. Any
interop beyond that requires additional specification (e.g. comma delimited
inner string values, etc.).
It would be really helpful if people provide actual use cases and requirements.
Everything I have seen so far will work just fine with a limited ascii set.
EHL
From:oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
William Mills
Sent: Tuesday, October 04, 2011 4:56 PM
To: Thomson, Martin; Mike Jones; Marius Scurtescu; Phil Hunt
Cc: oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Possible alternative resolution to issue 26
Allowing URI requires allowing % encoding, which is workable. As far as the
protocol goes URI is a form of space separated string and the protocol doesn't
care. URI doesn't include quote or qhitespace in the allowed characters so
there's no problem there.
I agree that we'd have to write it such that it's clear you don't have to use
a URI. Drawing from
http://labs.apache.org/webarch/uri/rev-2002/rfc2396bis.html#path perhaps the
allowed charset becomes
scope = *( unreserved / reserved / pct-encoded )
with the clarification that a scope MAY take the form of a properly formatted
URI.
-bill
________________________________
From:"Thomson, Martin" <martin.thom...@commscope.com>
To: Mike Jones <michael.jo...@microsoft.com>; Marius Scurtescu
<mscurte...@google.com>; Phil Hunt <phil.h...@oracle.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Sent: Tuesday, October 4, 2011 4:08 PM
Subject: Re: [OAUTH-WG] Possible alternative resolution to issue 26
On 2011-10-05 at 05:07:06, Mike Jones wrote:
> Existing practice is that simple ASCII strings like "email" "profile",
> "openid", etc. are used as scope elements. Requiring them to be URIs
> would break most existing practice.
Constraining syntax to an ascii token OR a URI (relative reference) might
work. Anything with a colon can be interpreted as a URI; anything without
better use a constrained set of characters.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
