+1 to Filip's suggestion
On Mon, 27 Apr 2020 at 10:42, Filip Skokan wrote:
> I believe implementers should be free to devise their own URIs and not be
> locked down to one by the spec, at the same time,
> and RFC6755 subnamespace would be good for guidance.
>
> So, I would suggest it be RECOMMEN
On Mon, Apr 27, 2020 at 12:58:09PM -0400, Justin Richer wrote:
> I agree that any URI could be used but that it MUST be understood by the AS
> to be local to the AS (and not something that can be impersonated by an
> attacker). I wouldn’t even go so far as RECOMMENDED, but it’s certainly an
> op
Yeah, I hadn't really been thinking of going so far as making it
RECOMMENDED either but more of just providing an easy option for those that
would choose to use it.
On Mon, Apr 27, 2020 at 10:58 AM Justin Richer wrote:
> I agree that any URI could be used but that it MUST be understood by the
I agree that any URI could be used but that it MUST be understood by the AS to
be local to the AS (and not something that can be impersonated by an attacker).
I wouldn’t even go so far as RECOMMENDED, but it’s certainly an option.
— Justin
> On Apr 27, 2020, at 4:41 AM, Filip Skokan wrote:
>
+1
On Mon, 27 Apr 2020 at 01:42, Filip Skokan wrote:
>
> I believe implementers should be free to devise their own URIs and not be
> locked down to one by the spec, at the same time, and RFC6755 subnamespace
> would be good for guidance.
>
> So, I would suggest it be RECOMMENDED to use e.g.
>
I believe implementers should be free to devise their own URIs and not be
locked down to one by the spec, at the same time,
and RFC6755 subnamespace would be good for guidance.
So, I would suggest it be RECOMMENDED to use e.g.
`urn:ietf:params:oauth:request_uri:` (Brian's proposal) but also
that a
Hi all,
another topic from last week’s virtual meeting.
Shall there be guidance on the request URI structure?
Please state your opinion.
thanks in advance,
Torsten.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oaut