The scopes cross all of the profiles. I expect that restricting the character sets for bearer tokens, MAC, and other future variants should be dealt with in those profiles.
Without restricting scope in core, we leave the possibility of coming up with different rules in different profiles e.g. MAC vs Bearer. It is probably best to have one rule in core that works across all the profiles. John B. On 2011-10-16, at 7:19 PM, Richer, Justin P. wrote: > I think the limit makes sense, but then are tokens limited by the same rules? > They need to live in all the same places (query parameters, headers, forms) > that scopes do and would be subject to the same kinds of encoding woes that > scopes will. Or am I missing something obvious as to why this isn't a problem > for tokens (both bearer tokens and the public part of MAC tokens) but is a > problem for scope strings? > > -- Justin > ________________________________________ > From: oauth-boun...@ietf.org [oauth-boun...@ietf.org] on behalf of John > Bradley [ve7...@ve7jtb.com] > Sent: Sunday, October 16, 2011 8:11 PM > To: Eran Hammer-Lahav > Cc: OAuth WG > Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & > Proposed Resolutions > > Restricting it now in the core spec is going to save a lot of headaches later. > > John B. > On 2011-10-16, at 3:54 PM, Eran Hammer-Lahav wrote: > >> It's an open question for the list. >> >> EHL >> >>> -----Original Message----- >>> From: Julian Reschke [mailto:julian.resc...@gmx.de] >>> Sent: Sunday, October 16, 2011 11:00 AM >>> To: Mike Jones >>> Cc: Tschofenig, Hannes (NSN - FI/Espoo); Hannes Tschofenig; OAuth WG; >>> Eran Hammer-Lahav >>> Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & >>> Proposed Resolutions >>> >>> On 2011-10-16 18:44, Mike Jones wrote: >>>> As Eran wrote on 9/30, "The fact that the v2 spec allows a wide range of >>> characters in scope was unintentional. The design was limited to allow >>> simple >>> ASCII strings and URIs." >>>> ... >>> >>> I see. Thanks. >>> >>> Is this going to be clarified in -23? >>> >>> Best regards, Julian >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
