Re: [OAUTH-WG] Ignoring unrecognized request parameters

mer Cc: William Mills; oauth@ietf.org Subject: Re: [OAUTH-WG] Ignoring unrecognized request parameters It is a general problem with security protocols like SOAP, SAML, X.509. Sometimes when you define an extension you want to be certain that the Authorization server understands it, or you want a

Re: [OAUTH-WG] Ignoring unrecognized request parameters

-02-16, at 3:32 PM, William Mills wrote: > >> No, this is required for forward compatibility. Implementations that send >> extended parameters like capability advertisements (i.e. CAPTCHA support or >> something) shoudl not be broken hitting older implementations. >>

Re: [OAUTH-WG] Ignoring unrecognized request parameters

700 To: "oauth@ietf.org<mailto:oauth@ietf.org>" mailto:oauth@ietf.org>> Subject: [OAUTH-WG] Ignoring unrecognized request parameters In core -23, the last paragraph of section 3.1<http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-3.1> now says: Th

Re: [OAUTH-WG] Ignoring unrecognized request parameters

.org>" mailto:oauth@ietf.org>> Subject: Re: [OAUTH-WG] Ignoring unrecognized request parameters If you have a generic client that works across multiple Authorization endpoints some that have extension X and others not, I can see that having the Authorization servers ignore unknown param

Re: [OAUTH-WG] Ignoring unrecognized request parameters

PTCHA support or > something) shoudl not be broken hitting older implementations. > > From: Mike Jones > To: "oauth@ietf.org" > Sent: Thursday, February 16, 2012 10:16 AM > Subject: [OAUTH-WG] Ignoring unrecognized request parameters > > In co

Re: [OAUTH-WG] Ignoring unrecognized request parameters

extended parameters like capability advertisements (i.e. CAPTCHA support or something) shoudl not be broken hitting older implementations. From: Mike Jones To: "oauth@ietf.org" Sent: Thursday, February 16, 2012 10:16 AM Subject: [OAUTH-WG] Ignoring un

Re: [OAUTH-WG] Ignoring unrecognized request parameters

ements (i.e. CAPTCHA support or > something) shoudl not be broken hitting older implementations. > > > From: Mike Jones > To: "oauth@ietf.org" > Sent: Thursday, February 16, 2012 10:16 AM > Subject: [OAUTH-WG] Ignoring unrecognized re

Re: [OAUTH-WG] Ignoring unrecognized request parameters

ot; Sent: Thursday, February 16, 2012 10:16 AM Subject: [OAUTH-WG] Ignoring unrecognized request parameters In core -23, the last paragraph of section 3.1 now says:       The authorization server MUST ignore unrecognized request parameters.   In -22, this said:    

Re: [OAUTH-WG] Ignoring unrecognized request parameters

And same change requested in 3.2 4.1.2, and 4.2.2, which also require ignoring unrecognized parameters. From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Mike Jones Sent: Thursday, February 16, 2012 10:16 AM To: oauth@ietf.org Subject: [OAUTH-WG] Ignoring unrecognized

[OAUTH-WG] Ignoring unrecognized request parameters

In core -23, the last paragraph of section 3.1 now says: The authorization server MUST ignore unrecognized request parameters. In -22, this said: The authorization server SHOULD ignore unrecognized r