I'm not saying we should not make URIs valid scopes. I'm saying that I think
it's confusing and unnecessary to state that scopes are URIs. I'd be much
happier if we say "The definition of scope allows URIs to be used if needed."
or some such.
________________________________
From: Marius Scurtescu <mscurte...@google.com>
To: William Mills <wmi...@yahoo-inc.com>
Cc: Julian Reschke <julian.resc...@gmx.de>; OAuth WG <oauth@ietf.org>
Sent: Wednesday, October 19, 2011 11:23 AM
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed
Resolutions
On Wed, Oct 19, 2011 at 11:15 AM, William Mills <wmi...@yahoo-inc.com> wrote:
>> Is this covering all characters allowed in a URI? Why
>> not define scopes as a list of URIs?
> I'd rather not do this because people will presume unless we add even more
> text to explain it that they need to have the form scheme://host/path or
> some such.
Which is not necessarily a bad thing. It allows systems to scale and
interoperate.
> It's an opportunity to bloat scopes far out of proportion to
> what is actually needed.
>
> ________________________________
> From: Marius Scurtescu <mscurte...@google.com>
> To: Julian Reschke <julian.resc...@gmx.de>
> Cc: OAuth WG <oauth@ietf.org>
> Sent: Wednesday, October 19, 2011 10:23 AM
> Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues &
> Proposed Resolutions
>
> Marius
>
>
>
> On Tue, Oct 18, 2011 at 9:39 AM, Julian Reschke <julian.resc...@gmx.de>
> wrote:
>> On 2011-10-18 17:38, Eran Hammer-Lahav wrote:
>>>
>>> Space is allowed inside a quoted string and is already not allowed inside
>>> each scope string.
>>>
>>> EHL
>>> ...
>>
>> a) yes.
>>
>> b) well:
>>
>> The value of the scope parameter is expressed as a list of space-
>> delimited, case sensitive strings. The strings are defined by the
>> authorization server. If the value contains multiple space-delimited
>> strings, their order does not matter, and each string adds an
>> additional access range to the requested scope.
>>
>> That certainly implies that you can't have a space inside a token, but it
>> could be clearer.
>>
>> Optimally, state the character repertoire precisely:
>>
>> scopetokenchar = %x21 / %x23-5B / %x5D-7E
>> ; HTTPbis P1 qdtext except whitespace, restricted to US-ASCII
>>
>> ?
>
> Is this covering all characters allowed in a URI? Why not define
> scopes as a list of URIs?
>
>>
>> Best regards, Julian
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
