Sorry, I'm asking why these scopes at all? I personally have never seen any of them used ever (and I'm not being hyperbolic), How did you come up with these suggestions?
On Sun, Apr 2, 2023 at 8:46 PM Clinton Bunch <cdb_i...@zentaur.org> wrote: > On 4/2/2023 1:34 PM, Warren Parad wrote: > > I propose a set of nine well-known scopes > > > Can you elaborate on what you mean by "well-known"? Is there some > canonical list, where these were pulled from? > > I was trying to avoid the use of standard, as that implies they must be > used. To encourage adoption, I didn't want to imply that the large > providers would be required to change their software to accommodate these, > though it would be nice if they did. These scopes are not currently in use > as far as I know. > > The sense of well-known is that once this was published they would be > well-known scopes that could be implemented with well-defined semantics. > > > - Warren > > On Sun, Apr 2, 2023 at 8:12 PM Clinton Bunch <cdb_i...@zentaur.org> wrote: > >> This seemed the most appropriate working group to post this suggestion. >> >> I would like to see a new Internet-Draft/RFC to add some well-known >> scopes to the IANA registry to promote adoption of Oauth in Groupware >> domains. I will try to write it myself, but have no experience with >> I-Ds or as a technical writer and could use some help. >> >> Since the publication of RFC 7628 there is a push to migrate groupware >> servers to use Oauth2. This is hampered by the fact that there are >> several different server implementations and client implementations are >> often written by different organizations with little overlap. One of >> the barriers to widespread adoption is that each authorization server >> has a different set of scopes to cover the necessary user >> authorizations. One groupware client I know has only a few Auth Servers >> available that are hardcoded and nearly every one has a different set of >> scopes. Servers have to have appropriate scopes configured by the >> administrator in order for the server to know which scopes to check. It >> also makes it hard for clients to know which scopes to request without >> some sort of configuration file provided by the domain or worse, having >> the user enter the appropriate scopes by hand. The latter especially >> seems like a support headache for the admin of the groupware servers. >> >> I propose a set of nine well-known scopes be added to the Oauth URI IANA >> registry to address this. >> >> urn:ietf:params:oauth:scope:mail:read - Authorization to read >> email (IMAP,POP) >> urn:ietf:params:oauth:scope:mail:send - Authorization to send >> mail on the user's behalf (SMTP) >> urn:ietf:params:oauth:scope:mail - Combination of the >> previous two scopes >> urn:ietf:params:oauth:scope:calendar:read - Authorization to read >> calendar entries >> urn:ietf:params:oauth:scope:calendar:update - Authorization to >> update/create/delete calendar entries >> urn:ietf:params:oauth:scope:calendar - Combination of the >> previous two scopes >> urn:ietf:params:oauth:scope:contacts:read - Authorization to read >> contacts information >> urn:ietf:params:oauth:scope:contacts:update - Authorization to >> update/create/delete contact information. >> urn:ietf:params:oauth:scope:contacts - Combination of the >> previous two scopes >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
