I don't have a strong objection to it. I still think that, if this is
allowed (even as a SHOULD NOT), we need clarity that any query
parameters that are used to scope queries to an application necessarily
form part of the resource parameter. It's significantly less important,
though, now that the practice is discouraged, and I won't mind if you go
ahead without adding such text.
/a
On 9/5/19 4:01 PM, Barry Leiba wrote:
Thanks, Brian. I hope Adam is happy with that as well.
Barry
On Thu, Sep 5, 2019 at 3:01 PM Brian Campbell
<bcampb...@pingidentity.com> wrote:
I went ahead with this in -07.
On Wed, Sep 4, 2019 at 3:07 PM Brian Campbell <bcampb...@pingidentity.com>
wrote:
Thanks Barry, I kinda like it. Although I'm a bit hesitant to make a change
like that at this stage. I guess I'd be looking for a little more buy-in from
folks first. Though it's not actually a functional breaking change. So maybe
okay to just go with.
On Wed, Sep 4, 2019 at 2:54 PM Barry Leiba <barryle...@computer.org> wrote:
Yeah, with query parameters lacking the hierarchical semantics that the path
component has, it is much less clear. In fact, an earlier revision of the draft
forbid the query part as I was trying to avoid the ambiguity that it brings.
But there were enough folks with some use case for it that it made its way back
in. While I am sympathetic to the point you're making here, I'd prefer to not
codify the practice any further by way of example in the document.
Is it perhaps reasonable to discourage the use of a query component
while still allowing it? Maybe a "SHOULD NOT", such as this?:
OLD
Its value MUST be an absolute URI, as specified by
Section 4.3 of [RFC3986], which MAY include a query component but
MUST NOT include a fragment component.
NEW
Its value MUST be an absolute URI, as specified by
Section 4.3 of [RFC3986]. The URI MUST NOT include
a fragment component. It SHOULD NOT include a query
component, but it is recognized that there are cases that
make a query component useful.
END
What do you think?
Barry
CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
material for the sole use of the intended recipient(s). Any review, use,
distribution or disclosure by others is strictly prohibited. If you have
received this communication in error, please notify the sender immediately by
e-mail and delete the message and any file attachments from your computer.
Thank you.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
