On 2011-10-16 07:12, Mike Jones wrote:
In your note yesterday summarizing our proposed issue resolutions, you wrote "The
scope field is yet another item that will not be shown to the user and it serves the
purpose of an identifier for authorization comparison. So, we don't need to have any
internationalization support here either."
I'm therefore confused by your note below, Hannes, as it seems to me to
contradict both your statement above. In particular, there's no need for
Unicode encodings when internationalization isn't required. ASCII characters
are fine for representing machine-readable scope elements that will never be
displayed to users. That's the approach I'm taking in draft 10. (And indeed,
EVERY draft of the bearer token spec has specified only ASCII characters, so
this is nothing new...)
Confused we are :-)
The core spec doesn't restrict what can be in a scope (looking at
<https://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.3>).
Also, you wrote earlier on:
> Any strings that the Authorization Server chooses to define meanings for
Best regards, Julian
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
