I think the limit makes sense, but then are tokens limited by the same rules? They need to live in all the same places (query parameters, headers, forms) that scopes do and would be subject to the same kinds of encoding woes that scopes will. Or am I missing something obvious as to why this isn't a problem for tokens (both bearer tokens and the public part of MAC tokens) but is a problem for scope strings?
-- Justin ________________________________________ From: oauth-boun...@ietf.org [oauth-boun...@ietf.org] on behalf of John Bradley [ve7...@ve7jtb.com] Sent: Sunday, October 16, 2011 8:11 PM To: Eran Hammer-Lahav Cc: OAuth WG Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed Resolutions Restricting it now in the core spec is going to save a lot of headaches later. John B. On 2011-10-16, at 3:54 PM, Eran Hammer-Lahav wrote: > It's an open question for the list. > > EHL > >> -----Original Message----- >> From: Julian Reschke [mailto:julian.resc...@gmx.de] >> Sent: Sunday, October 16, 2011 11:00 AM >> To: Mike Jones >> Cc: Tschofenig, Hannes (NSN - FI/Espoo); Hannes Tschofenig; OAuth WG; >> Eran Hammer-Lahav >> Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & >> Proposed Resolutions >> >> On 2011-10-16 18:44, Mike Jones wrote: >>> As Eran wrote on 9/30, "The fact that the v2 spec allows a wide range of >> characters in scope was unintentional. The design was limited to allow simple >> ASCII strings and URIs." >>> ... >> >> I see. Thanks. >> >> Is this going to be clarified in -23? >> >> Best regards, Julian > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
