Justin,
>From a purely implementation view, since RFC 6749 has already defined Scope, I think it will only confuse implementers if the format of Scope is not consistent. In defining how to merge RFC 6749 with the ESPI Standard, I have found the Scope parameter to be one of hardest concepts to describe how to implement and evaluate its contents. To begin using multiple formats to define the same parameter will only lead to confusion and chaos. While I understand the end result of parsing the Scope parameter naturally leads to an array. I view that as an implementation issue and not relevant to a specification, especially since RFC 6749 has already set a documentation precedent.. Best regards, Don Donald F. Coffin Founder/CTO REMI Networks 22751 El Prado Suite 6216 Rancho Santa Margarita, CA 92688-3836 Phone: (949) 636-8571 Email: <mailto:donald.cof...@reminetworks.com> donald.cof...@reminetworks.com From: Justin Richer [mailto:jric...@mitre.org] Sent: Wednesday, January 30, 2013 2:29 PM To: Todd W Lainhart Cc: IETF oauth WG Subject: Re: [OAUTH-WG] draft-richer-oauth-introspection-01 scope syntax It's not meant to follow the same syntax. Instead, it's making use of the JSON object structure to avoid additional parsing of the values on the client side. We could fairly easily define it as the same space-delimited string if enough people want to keep the scope format consistent. -- Justin On 01/30/2013 05:27 PM, Todd W Lainhart wrote: That the scope syntax in draft-richer-oauth-introspection-01 is different than RFC 6749 Section 3.3, as in: "scope": ["read", "write", "dolphin"], vs. scope = scope-token *( SP scope-token ) scope-token = 1*( %x21 / %x23-5B / %x5D-7E ) Should introspection-01 follow the 6749 syntax for scopes? _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
