I will have a go writing an I-D defining an OAuth2 WWW-Auth response header...
though it will not be for at least a fortnight :-(
--
James Manger
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Saturday, 9 April 2011 1:56 PM
To: Manger, James H; OAuth WG
Subject: RE: OAuth2 schem
Thanks James.
I think overall your proposal is a good direction. I think the combination of
Link and WWW-Authenticate headers (static/dynamic) discovery is interesting.
If you have the time, I would love to see an I-D defining the OAuth2
authentication scheme (partial as you defined it) with cl
[Sorry, I didn't see this email before I sent my last one]
> Chairs - I would like to ask that you declare all discovery requirements and
> use cases out of scope for v2 and the working group at this point.
>
> ---
>
> As for the error code registry and the request Mike posted, I do not thi
r, James H"
To: Eran Hammer-Lahav ; William J. Mills
; OAuth WG
Sent: Thursday, April 7, 2011 11:47 PM
Subject: RE: [OAUTH-WG] OAuth2 scheme
A WWW-Auth header is a server’s security statement about how to gain access.
A Link header is a server’s statement of a relationship to another URI
ion/authorization flows.
--
James Manger
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Friday, 8 April 2011 12:04 PM
To: William J. Mills; Manger, James H; OAuth WG
Subject: RE: [OAUTH-WG] OAuth2 scheme
I agree that Link headers are a much better fit for relaying discovery
info
work,
just not as most people expect discovery to).
EHL
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
William J. Mills
Sent: Thursday, April 07, 2011 7:01 PM
To: Manger, James H; OAuth WG
Subject: Re: [OAUTH-WG] OAuth2 scheme
In the SASL mechanism draft spec where we
sense, we need to define an OAuth2 scheme that *replaces* the Bearer and
MAC schemes - something you agree we should not do.
EHL
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Manger, James H
Sent: Thursday, April 07, 2011 6:49 PM
To: OAuth WG
Subject: Re: [OAUTH-WG] O
you
can interact with.
It's a swag at discovery in band, might work here too.
From: "Manger, James H"
To: OAuth WG
Sent: Thursday, April 7, 2011 6:48 PM
Subject: Re: [OAUTH-WG] OAuth2 scheme
We should define a "WWW-Authenticate: OAuth2 ..." response header - not to
encompass the MAC, Bearer, and any other generic HTTP authentication scheme,
but as a way for a server to tell the client that it can perform an OAuth2
get-a-token flow to gain access. When the sort of OAuth2 flow depends
Well... Can't say I didn't see this coming :)
The issue is not simply about putting a section back, but about the overall
protocol architecture and how it complies with HTTP.
For example, taking the MAC draft, how do you envision the resource server
responding to a failed authentication attempt