Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-bearer-15.txt> (The

2012-01-24 18:29:18
Mike Jones wrote:

Per the discussion at
   http://www.ietf.org/mail-archive/web/oauth/current/msg08040.html,
the working group's rationale for supporting quoted-string but
not token syntax for these parameters, and for requiring that
backslash ('\') quoting not be used when producing them [...]

I'm slightly confused...

Instead of inappropriately re-specifying the WWW-Authenticate:, how about
referencing the original specification and rules, and then add
your desired requirements for *creation* of the contents on top of that,
so that oauth-bearer can permit recipients to reject stuff that doesn't fit
the additional "send-requirements" when processing the request.

I would assume that pretty much all authentication schemes will effectively
require subsetting of what can be conveyed to what they can parse,
and further subset this to what they can successfully verify, and reject
everything else -- without having to rewrite the WWW-Authenticate syntax.


-Martin
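
Added example, not part of the original message or of any OAuth implementation: a sketch of the layering proposed above, where a generic parser accepts the full HTTP auth-param grammar (token or quoted-string, with backslash escapes) and a separate scheme-level check reports values that break the production rules quoted from the bearer draft. The function names, the sample header and the choice to apply the rule to every parameter are assumptions made for illustration.

```python
import re

# Generic layer: RFC 2616 "token" and "quoted-string". It knows nothing about
# any particular scheme. Limitation: handles one challenge per header value.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
AUTH_PARAM = re.compile(
    r"\s*(?P<name>" + TOKEN + r")\s*=\s*"
    r"(?:(?P<tok>" + TOKEN + r')|"(?P<qs>(?:[^"\\]|\\.)*)")'
    r"\s*(?:,|$)"
)

def parse_challenge(header):
    """Return (scheme, [(name, value, form, used_backslash), ...])."""
    scheme, _, rest = header.strip().partition(" ")
    params, pos = [], 0
    while pos < len(rest):
        m = AUTH_PARAM.match(rest, pos)
        if m is None:
            raise ValueError("malformed auth-param at offset %d" % pos)
        raw = m.group("qs")
        if raw is None:
            params.append((m.group("name"), m.group("tok"), "token", False))
        else:
            # Undo quoted-pair escapes, but remember that they were present.
            value = re.sub(r"\\(.)", r"\1", raw)
            params.append((m.group("name"), value, "quoted-string", "\\" in raw))
        pos = m.end()
    return scheme, params

def send_rule_violations(params):
    """Scheme layer (assumed to cover every parameter): values must have been
    produced as quoted-string, without backslash quoting."""
    problems = []
    for name, _value, form, used_backslash in params:
        if form == "token":
            problems.append((name, "not a quoted-string"))
        elif used_backslash:
            problems.append((name, "backslash quoting used"))
    return problems

# Constructed sample header, not taken from the thread.
SAMPLE = 'Bearer realm="example", error=invalid_token, error_description="bad \\"tok\\""'

if __name__ == "__main__":
    scheme, params = parse_challenge(SAMPLE)
    print(scheme, send_rule_violations(params))
```

The generic parser accepts all three parameters in the sample; only the scheme-level check decides whether a recipient rejects them.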