Zitat von Brian Eaton <bea...@google.com>:

On Thu, Apr 29, 2010 at 2:40 PM, Mike Moore <blowm...@gmail.com> wrote:
On Thu, Apr 29, 2010 at 2:49 PM, Yaron Goland <yar...@microsoft.com> wrote:

Can we please just have one format, not 3? The more choices we give the
more interoperability suffers.

Yes.  The number of parsers needed to make a working system is
important.  The spec has too many already.

I'd like to see authorization servers returning JSON or XML, since
that's what the resource servers are doing.

...and given a choice between JSON and XML, I'd pick JSON.


I agree. At Deutsche Telekom, we try to align our authorization APIs with the
APIs provided by the resource servers. Authorization is "just" a small, but
important, portion of the overall process and aligning it with the rest
increases acceptance and decreases error rate.

None of the APIs we provide uses form encoding, most of them use JSON, some XML.
Based on that observation I would like to see at least JSON support in OAuth.
So JSON as the only would be fine with me.

My proposal is based on the observation that the WG did not come to a consensus
about the one and only format.

I have collected the following opinions from the thread:

pro additional support for JSON and XML - Marius Scurtescu, John Jawed, Richard Barnes, Brian Eaton, Torsten Lodderstedt pro additional support for JSON - Dick Hardt (initiated the thread), Joseph Smarr still support application/x-www-form-urlencoded (unclear whether exclusively) - David Recordon, Gaurav Rastogi
one format only (preference unclear) - Yaron Goland
JSON as the only format (if forced to decide for a single format) - Brian Eaton, Torsten Lodderstedt
JSON as the only format - James Manger, Robert Sayre
application/x-www-form-urlencoded as the only format - Mike Moore
JSON for responses as well - Marius Scurtescu

Here are some representative comments from the thread:

Joseph Smarr - "JSON is already widely supported (presumably including by most APIs that you're building OAuth support to be able to access!"

David Recordon - "it's drastically more complex for environments (like embedded hardware)
which doesn't support JSON."

Paul C. Bryan - "I'm struggling to imagine hardware that on the one hand would support
OAuth, but on the other would be incapable of supporting JSON..."

Gaurav Rastogi - "There are enough number of small embedded software stack where JSON is not an option."

So we have at least 9 votes pro JSON, but also 1 vote for application/x-www-form-urlencoded only.

How shall we proceed? Can we come to a consensus?

regards,
Torsten.

Cheers,
Brian
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth





_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to