Standards have size limits to overcome operational issues all the time. For an extreme example look at the backflips that MIME goes through to insure that mail can be delivered by even the most hostile relay. (Including systems using EBCDIC, and systems that mangle payloads!)
If there are no bounds on the size of a token the end result is that some parts of the protocol move from MAY to MUST. For example, many firewall/proxy services in the wild will truncate URLs and even HTTP headers much shorter than the 4k normally assumed. Ergo, POST support is now a MUST. On Mar 10, 2010, at 8:30 AM, John Kemp wrote: > On Mar 10, 2010, at 11:16 AM, Moritz Maisel wrote: > >> On 03/10/2010 04:42 PM, John Kemp wrote: >>> One reason I can imagine is to make it possible to encode information into >>> the token itself so that the token can be "self-contained" (mentioned also >>> by others on this list). >>> >> >> Though thats an interesting option, compatibility of implementations >> might be easier to achieve by strict specifications like "maximum of 256 >> characters". > > Could you explain why you need to standardize a maximum token length, or why > you would want to standardize on implementations of a token store rather than > a token-exchange protocol here? > >> >> Just to get an idea about the situation: Is the mentioned >> "self-contained token" a common scenario / popular demand that needs to >> be covered? > > Yes it is. Several people on this list have already mentioned it. > > Regards, > > - johnk > >> >> Regards, >> Moritz >> >> -- >> sipgate GmbH - Gladbacher Str. 74 - 40219 Düsseldorf >> HRB Düsseldorf 39841 - Geschäftsführer: Thilo Salmon, Tim Mois >> Steuernummer: 106/5724/7147, Umsatzsteuer-ID: DE219349391 >> >> www.sipgate.de - www.sipgate.at - www.sipgate.co.uk >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
