On 2012-01-04 23:17, Mike Jones wrote:
There are actually two parts to “this” as I see it:
1. Defining the syntax for the acceptable contents of the scope, error,
error_description, and error_uri parameters.
2. Defining the means by which these values are transmitted in
WWW-Authenticate response header fields for Bearer tokens.
I would be fine seeing part 1 added to the core spec. (In fact, there is
a tracked issue OAuth ticket 27
<http://trac.tools.ietf.org/wg/oauth/trac/ticket/27> requiring that this
occur for the scope parameter.) Given that the core spec is, by design,
agnostic of the method used to access protected resource (including
being agnostic of the use of the WWW-Authenticate field by the Bearer
spec), I believe that it would be inappropriate to add part 2 to the
core spec.
...
+1
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
