On 09.05.2010 23:06, Eran Hammer-Lahav wrote:
DEADLINE: 5/13

I would like to publish one more draft before our interim meeting in two weeks 
(5/20). Below are two open issues we have on the list. Please reply with your 
preference (or additional solutions) to each item. Issues with consensus will 
be incorporated into the next draft. Those without will be discussed at the 
meeting.

EHL

---

1. Server Response Format

After extensive debate, we have a large group in favor of using JSON as the 
only response format (current draft). We also have a smaller group but with 
stronger feelings on the subject that JSON adds complexity with no obvious 
value.

A. Form-encoded only (original draft)
B. JSON only (current draft)
C. JSON as default with form-encoded and XML available with an optional request 
parameter

I prefer B, but I also could live with C.

If the WG chooses C, I would suggest supporting all three formats for POST requests and responses. The default response format could be the format of the request sent by the client; additionally, the client could indicate the desired format w/ a request parameter. That's probably a new option D?

---

2. Client Authentication (in flows)

How should the client authenticate when making token requests? The current 
draft defines special request parameters for sending client credentials. Some 
have argued that this is not the correct way, and that the client should be 
using existing HTTP authentication schemes to accomplish that such as Basic.

A. Client authenticates by sending its credentials using special parameters 
(current draft)
B. Client authenticated by using HTTP Basic (or other schemes supported by the 
server such as Digest)

Clearly B, I'm fine with using HTTP authentication schemes for client authentication only. This is cleaner (and thus easier) than also using BASIC/DIGEST authentication for user credentials in the "Username and Password Flow".

regards,
Torsten.


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
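
The two client authentication options from item 2, seen from the token endpoint, as an added example that is not part of the thread or of the draft. It assumes the parameter names `client_id` and `client_secret` (as later standardized in RFC 6749; the messages above do not name them), and the function names and sample credentials are constructed for illustration.

```python
import base64
from urllib.parse import parse_qs


class ClientAuthError(Exception):
    """Client credentials are missing, malformed or ambiguous."""


def basic_header(client_id, client_secret):
    """Client side of option B: build the Authorization header value."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def extract_client_credentials(headers, body):
    """Server side: return (client_id, client_secret, method) for a token request.

    headers: dict of HTTP headers; body: form-encoded request body (str).
    Accepts option A (request parameters) or option B (HTTP Basic), never both.
    """
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    form = parse_qs(body, keep_blank_values=True)

    from_header = None
    if auth is not None:
        scheme, _, value = auth.partition(" ")
        if scheme.lower() == "basic":  # other schemes (e.g. Digest) are not handled here
            try:
                decoded = base64.b64decode(value.strip(), validate=True).decode("utf-8")
            except ValueError as exc:  # covers bad base64 and bad UTF-8
                raise ClientAuthError("malformed Basic credentials") from exc
            # Split on the first colon only, so the secret may contain ':'.
            user, sep, password = decoded.partition(":")
            if not sep or not user:
                raise ClientAuthError("malformed Basic credentials")
            from_header = (user, password)

    # Two sets of credentials in one request are ambiguous: reject instead of guessing.
    if from_header and "client_secret" in form:
        raise ClientAuthError("credentials sent by two methods")
    if from_header:
        return from_header + ("basic",)

    # Assumed parameter names; a repeated parameter is also treated as ambiguous.
    ids, secrets = form.get("client_id", []), form.get("client_secret", [])
    if len(ids) != 1 or len(secrets) != 1 or not ids[0]:
        raise ClientAuthError("missing or repeated client credentials")
    return ids[0], secrets[0], "params"
```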


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to