On Thu, Feb 3, 2011 at 12:34 AM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > 1. Descriptive, non-OAuth-specific scheme names (Bearer, MAC)
I vote #1. In addition to the pros/cons Eran mentioned, it seems the simplest and cleanest so will cause the least confusion. William and others brought up backward compatibily, but, supposing #1 "wins", I don't see a need to support "legacy" #4 in the spec. I feel it can be addressed by implementors without loss of full compliance. Phil's note about reserving OAUTH2 as a scheme name makes more sense to me than supporting it. I do not disagree with any of Eran's analysis, though #4, which I am voting against, has a couple of the same benefits as #1: - works cleanly with the HTTP authentication framework by simply defining new methods or reusing existing ones. - built-in discovery using 401 challenge header for which schemes are supported (with their respective information). Mike Adams _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
