On Wed, Oct 19, 2011 at 10:26 AM, Mike Jones <michael.jo...@microsoft.com> wrote: > Yes, it covers all the characters legal in URIs. Per earlier discussion on > the list, scopes are not restricted to being URIs, as existing practice > includes scope elements that are not URIs such as "email" "profile", and > "openid".
All those simple words are URIs. They are relative URIs (just the path), but URIs nonetheless. Marius > > -- Mike > > -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of > Marius Scurtescu > Sent: Wednesday, October 19, 2011 10:24 AM > To: Julian Reschke > Cc: OAuth WG > Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed > Resolutions > > Marius > > > > On Tue, Oct 18, 2011 at 9:39 AM, Julian Reschke <julian.resc...@gmx.de> wrote: >> On 2011-10-18 17:38, Eran Hammer-Lahav wrote: >>> >>> Space is allowed inside a quoted string and is already not allowed >>> inside each scope string. >>> >>> EHL >>> ... >> >> a) yes. >> >> b) well: >> >> The value of the scope parameter is expressed as a list of space- >> delimited, case sensitive strings. The strings are defined by the >> authorization server. If the value contains multiple >> space-delimited >> strings, their order does not matter, and each string adds an >> additional access range to the requested scope. >> >> That certainly implies that you can't have a space inside a token, but >> it could be clearer. >> >> Optimally, state the character repertoire precisely: >> >> scopetokenchar = %x21 / %x23-5B / %x5D-7E >> ; HTTPbis P1 qdtext except whitespace, restricted to US-ASCII >> >> ? > > Is this covering all characters allowed in a URI? Why not define scopes as a > list of URIs? > >> >> Best regards, Julian >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
