The core spec says "The strings are defined by the authorization server" (see
http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.3). I don't see a
reason to change that - especially this late in the game. I am not introducing
any standardized or reserved values.
My intent is not require or even suggest that scope values should be URIs. My
intent is to not preclude them from being so.
-- Mike
-----Original Message-----
From: Hannes Tschofenig [mailto:hannes.tschofe...@gmx.net]
Sent: Friday, October 14, 2011 11:27 AM
To: Mike Jones
Cc: Hannes Tschofenig; OAuth WG
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed
Resolutions
Hi Mike,
On Oct 14, 2011, at 6:42 PM, Mike Jones wrote:
> 2. Scope - I was planning to allow a broader set of ASCII characters than
> the "token" set, as these characters are inadequate for the use of URIs/URLs
> as scope elements. In particular, scope elements need to permit the full
> sets of "reserved" and "unreserved" characters in RFC 3986. The draft I am
> working on will say that scope is a space separated set of elements, where
> the elements consist of one or more characters from the union of the
> "reserved" and "unreserved" sets.
Wouldn't it be more useful to say that you either want some plaintext values
for the scope or URLs but not both?
Also, if you want to introduce "standardized" (or reserved values) then you
have to
a) specify them now (with no ability to change them), or
b) prefix them.
Ciao
Hannes
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
