On Thu, Apr 22, 2010 at 6:11 PM, Manger, James H <james.h.man...@team.telstra.com> wrote: > We mustn't drop advertisements (details in 401 responses). > We mustn't drop the goal of a standard for interoperability.
I share the goals, I just don't think that a specification is the way to get there. I think working examples in the wild would help enormously. > Defining a scope field in a 401 response is the novel aspect that “might not > actually work”. Allowing a 'scope' query parameter in authz URIs is be quite > separate. Yeah, I agree with that analysis. Though I don't know of any providers that are returning authorization URLs in 401 responses right now. That's novel, too. Cheers, Brian _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth