Allowing URI requires allowing % encoding, which is workable. As far as the
protocol goes URI is a form of space separated string and the protocol doesn't
care. URI doesn't include quote or qhitespace in the allowed characters so
there's no problem there.
I agree that we'd have to write it such that it's clear you don't have to use
a URI. Drawing from
http://labs.apache.org/webarch/uri/rev-2002/rfc2396bis.html#path perhaps the
allowed charset becomes
scope = *( unreserved / reserved / pct-encoded )
with the clarification that a scope MAY take the form of a properly formatted
URI.
-bill
________________________________
From: "Thomson, Martin" <martin.thom...@commscope.com>
To: Mike Jones <michael.jo...@microsoft.com>; Marius Scurtescu
<mscurte...@google.com>; Phil Hunt <phil.h...@oracle.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Sent: Tuesday, October 4, 2011 4:08 PM
Subject: Re: [OAUTH-WG] Possible alternative resolution to issue 26
On 2011-10-05 at 05:07:06, Mike Jones wrote:
> Existing practice is that simple ASCII strings like "email" "profile",
> "openid", etc. are used as scope elements. Requiring them to be URIs
> would break most existing practice.
Constraining syntax to an ascii token OR a URI (relative reference) might
work. Anything with a colon can be interpreted as a URI; anything without
better use a constrained set of characters.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
