Are quotes a problem? I think it's simpler if we leave them out.
From: Eran Hammer-Lahav
To: William Mills ; "Thomson, Martin"
; Mike Jones ;
Marius Scurtescu ; Phil Hunt
Cc: "oauth@ietf.org WG"
Sent: Wednesday, October 5, 2011 10:28 AM
Subject: RE: [OAUTH-
It should be much simpler than that. The v2 spec should simply limit the
character set to printable ascii with special meaning for space. Beyond that,
these are just ascii strings which can be URIs or anything else. If the server
choose to use these strings with some internal meaning (i.e. URI o
+1
I would also prefer to not restrict scope values but provide clear
encoding for places where transport is going to be an issue. This is
what we do with tokens, which show up in the same places. Am I missing
the reason we can't use the exact same rules (modulo the single space
character) that ap
On 2011-10-05 01:56, William Mills wrote:
Allowing URI requires allowing % encoding, which is workable. As far as
the protocol goes URI is a form of space separated string and the
protocol doesn't care. URI doesn't include quote or qhitespace in the
allowed characters so there's no problem there.
On 2011-10-05 01:52, Mark Lentczner wrote:
I think James has made the case that there is an issue clear.
As for what to pick, I favor not restricting scopes in the core spec,
and clearly specifying the way scopes will be presented in HTTP headers
in the bearer spec.
For the later, James supplie
