Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-bearer-15.txt> (The

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mike Jones wrote:
> 
> Per the discussion at
>    http://www.ietf.org/mail-archive/web/oauth/current/msg08040.html,
> the working group's rationale for supporting quoted-string but
> not token syntax for these parameters, and for requiring that
> backslash ('\') quoting not be used when producing them [...]

I'm slightly confused...

Instead of inappropriately re-specifying the WWW-Authenticate:, how about
referencing the original specification an rules, and then add
your desired requirements for *creation* of the contents on top of that,
so that oauth-bearer can permit recipients to reject stuff that doesn't fit
the additional "send-requirements" when processing the request.

I would assume that pretty much all authentication schemes will effectively
require subsetting of what can be conveyed to what they can parse,
and further subset this to what they can successfully verify, and reject
everything else -- without having to rewrite the WWW-Authenticate syntax.


-Martin
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]