On 04/20/2012 07:17 AM, Derek Atkins wrote:
<OAUTH Chair Hat> Note that this is a replay of the historical "MUST Implement" versus "MUST Use" arguments. Just because the server MUST IMPLEMENT JSON and XML does not mean that a Client must use both (or even that a client must implement both). It is perfectly reasonable and generally acceptable to have a server that provides data in multiple formats whereas the client only supports a subset and specifies which format(s) are acceptable. </OAUTH Char Hat> -derek
To Paul's point about how easy it is for a server to support both, I'd retort that it's equally easy for a client to gin up JSON instead of XML. Pity the poor programmer who can't get their head around that gigantic change. On the other hand, having to support XML and JSON is an ongoing maintenance headache server-side. Why do it? There isn't even the dubious religious war like back in the day saying that binary encoded ASN.1 was "better/faster/stacks and cleans dishes" than "human readable" XML. XML is just a clunky and past its prime text encoding at this point. Requiring it smacks of nostalgia to me. Mike _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth