I'll add something to the draft and we'll discuss it. There is enough consensus on a single JSON response format.
EHL > -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Torsten Lodderstedt > Sent: Friday, April 30, 2010 2:00 AM > To: Brian Eaton > Cc: oauth@ietf.org > Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON > (Proposal) > > > Zitat von Brian Eaton <bea...@google.com>: > > > On Thu, Apr 29, 2010 at 2:40 PM, Mike Moore <blowm...@gmail.com> > wrote: > >> On Thu, Apr 29, 2010 at 2:49 PM, Yaron Goland <yar...@microsoft.com> > wrote: > >>> > >>> Can we please just have one format, not 3? The more choices we give > >>> the more interoperability suffers. > > > > Yes. The number of parsers needed to make a working system is > > important. The spec has too many already. > > > > I'd like to see authorization servers returning JSON or XML, since > > that's what the resource servers are doing. > > > > ...and given a choice between JSON and XML, I'd pick JSON. > > > > I agree. At Deutsche Telekom, we try to align our authorization APIs with the > APIs provided by the resource servers. Authorization is "just" a small, but > important, portion of the overall process and aligning it with the rest > increases acceptance and decreases error rate. > > None of the APIs we provide uses form encoding, most of them use JSON, > some XML. > Based on that observation I would like to see at least JSON support in OAuth. > So JSON as the only would be fine with me. > > My proposal is based on the observation that the WG did not come to a > consensus about the one and only format. > > I have collected the following opinions from the thread: > > pro additional support for JSON and XML - Marius Scurtescu, John Jawed, > Richard Barnes, Brian Eaton, Torsten Lodderstedt pro additional support for > JSON - Dick Hardt (initiated the thread), Joseph Smarr still support > application/x-www-form-urlencoded (unclear whether > exclusively) - David Recordon, Gaurav Rastogi one format only (preference > unclear) - Yaron Goland JSON as the only format (if forced to decide for a > single format) - Brian Eaton, Torsten Lodderstedt JSON as the only format - > James Manger, Robert Sayre application/x-www-form-urlencoded as the > only format - Mike Moore JSON for responses as well - Marius Scurtescu > > Here are some representative comments from the thread: > > Joseph Smarr - "JSON is already widely supported (presumably including by > most APIs that you're building OAuth support to be able to access!" > > David Recordon - "it's drastically more complex for environments (like > embedded hardware) which doesn't support JSON." > > Paul C. Bryan - "I'm struggling to imagine hardware that on the one hand > would support OAuth, but on the other would be incapable of supporting > JSON..." > > Gaurav Rastogi - "There are enough number of small embedded software > stack where JSON is not an option." > > So we have at least 9 votes pro JSON, but also 1 vote for application/x-www- > form-urlencoded only. > > How shall we proceed? Can we come to a consensus? > > regards, > Torsten. > > > Cheers, > > Brian > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > > > > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
