Re: [OAUTH-WG] Definition of XML response format

2010-06-15 Thread Kris Selden
rg] On Behalf Of > Andrew Arnott > Sent: Friday, June 04, 2010 5:56 AM > To: OAuth WG (oauth@ietf.org) > Subject: Re: [OAUTH-WG] Definition of XML response format > > In the absence of anyone else volunteering an XML format, what would you say > to this as a proposal (be

Re: [OAUTH-WG] Definition of XML response format

2010-06-15 Thread Kris Selden
r for now. > > EHL > > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of > Andrew Arnott > Sent: Friday, June 04, 2010 5:56 AM > To: OAuth WG (oauth@ietf.org) > Subject: Re: [OAUTH-WG] Definition of XML response format > > In the absence of anyon

Re: [OAUTH-WG] Definition of XML response format

2010-06-15 Thread William Mills
] Definition of XML response format In the absence of anyone else volunteering an XML format, what would you say to this as a proposal (because the implementation of which happens to be simple for me): some access token some refresh token

Re: [OAUTH-WG] Definition of XML response format

2010-06-15 Thread Andrew Arnott
f *Andrew Arnott > *Sent:* Friday, June 04, 2010 5:56 AM > *To:* OAuth WG (oauth@ietf.org) > > *Subject:* Re: [OAUTH-WG] Definition of XML response format > > > > In the absence of anyone else volunteering an XML format, what would you > say to this as a proposal (because

Re: [OAUTH-WG] Definition of XML response format

2010-06-15 Thread Eran Hammer-Lahav
ndrew Arnott Sent: Friday, June 04, 2010 5:56 AM To: OAuth WG (oauth@ietf.org) Subject: Re: [OAUTH-WG] Definition of XML response format In the absence of anyone else volunteering an XML format, what would you say to this as a proposal (because the implementation of which happens to be simple f

Re: [OAUTH-WG] Definition of XML response format

2010-06-04 Thread Anthony Nadalin
) Subject: Re: [OAUTH-WG] Definition of XML response format Thanks, George. From that I get this: token secret >From the text around it, it sounds like SPs were permitted to add to this >(presumably using their own element names). While this seems reasonable, it >s

Re: [OAUTH-WG] Definition of XML response format

2010-06-04 Thread Kris Selden
How about keeping it even more flat and compact: This also is more simple on the DOM side, just doc.root['access_token'] instead of traversing or xpath. Anyway, I think OAuth 2 is better served in general by the KISS principle . -Kris On Jun 4,

Re: [OAUTH-WG] Definition of XML response format

2010-06-04 Thread Brian Campbell
At the risk of betraying my SAML roots, I'd suggest that if name-space and typing like functionality is desired, we not try and reinvent the wheel and actually use a schema. After all, is effectively an attempt at nonstandard namespacing and is the same kind of thing for data typing. XML Schem

Re: [OAUTH-WG] Definition of XML response format

2010-06-04 Thread Justin Richer
I'd personally rather see something flatter, even with an implied root namespace defined in the spec. Maybe like: asdfasoij234f 2f098jadfasdfasdf 300 Mirroring the key-value format for the JSON and form-encoded forms, this keeps the field names as elements and the values a

Re: [OAUTH-WG] Definition of XML response format

2010-06-04 Thread George Fletcher
So, now that OAuth 2 is not solely SP-centric, it probably makes sense to change some of the encoding (this was written in 2008) :) Also, the interaction with the Authorization server is more constrained than the interaction with the resource owner so that also allows for simplification. I do

Re: [OAUTH-WG] Definition of XML response format

2010-06-04 Thread Andrew Arnott
Thanks, George. From that I get this: token secret >From the text around it, it sounds like SPs were permitted to add to this (presumably using their own element names). While this seems reasonable, it seems that SP-specific extensions that used alternate element names would t

Re: [OAUTH-WG] Definition of XML response format

2010-06-04 Thread George Fletcher
I don't know if this is helpful or not... but there was a proposed extension for OAuth 1.0 dealing with encoding OAuth responses in different body formats... this can be found on the now extinct oauth-extensions google group. http://groups.google.com/group/oauth-extensions/browse_thread/thread

Re: [OAUTH-WG] Definition of XML response format

2010-06-04 Thread Andrew Arnott
In the absence of anyone else volunteering an XML format, what would you say to this as a proposal (because the implementation of which happens to be simple for me): some access token some refresh token 235298298 So the main points here is: 1. no namespace 2. root tag is called

[OAUTH-WG] Definition of XML response format

2010-05-31 Thread Andrew Arnott
Where is the definition of how a auth server response in XML format should look? At the least we need an XML namespace and root node name. -- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre