If you specify it. It is supported but not required.
EHL
On Jul 16, 2010, at 16:16, "Brian Eaton" wrote:
> On Fri, Jul 16, 2010 at 11:21 AM, Yaron Goland wrote:
>> That's my point. The spec says " Words of *TEXT MAY contain characters from
>> character sets other than ISO- 8859-1 [22] only
On Fri, Jul 16, 2010 at 11:21 AM, Yaron Goland wrote:
> That's my point. The spec says " Words of *TEXT MAY contain characters from
> character sets other than ISO- 8859-1 [22] only when encoded according to the
> rules of RFC 2047 [14]." But since RFC 2047 is a dead letter as a practical
> mat
Yaron Goland
> Cc: Eran Hammer-Lahav; OAuth WG
> Subject: Re: [OAUTH-WG] What to do about 'realm'
>
> On Tue, Jul 13, 2010 at 9:46 AM, Yaron Goland
> wrote:
> > As defined in section 4.2 of RFC 2616 the only characters legally allowed
> > in a
> HTTP heade
On Tue, Jul 13, 2010 at 9:46 AM, Yaron Goland wrote:
> As defined in section 4.2 of RFC 2616 the only characters legally allowed in
> a HTTP header are a fairly small subset of ASCII.
I don't think that is correct. The definition of the TEXT rule in
section 2.2 allows most octets. It also refere
.
> -Original Message-
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Eran Hammer-Lahav
> Sent: Sunday, July 11, 2010 8:29 PM
> To: Robert Sayre
> Cc: OAuth WG
> Subject: Re: [OAUTH-WG] What to do about 'realm'
>
>
>
> -Original Message-
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org]
> On Behalf Of Brian Eaton
> Sent: Saturday, July 10, 2010 11:56 PM
> To: Eran Hammer-Lahav
> Cc: OAuth WG (oauth@ietf.org)
> Subject: Re: [OAUTH-WG] What to do about 'realm&
On 7/11/10 3:32 PM, "Robert Sayre" wrote:
> On Sun, Jul 11, 2010 at 12:27 PM, Eran Hammer-Lahav
> wrote:
>> [this has noting to do with realm]
>>
>> Any solution should be:
>>
>> - Extensible we removed the few discovery parameters from the core spec
>> due to lack of maturity and consens
On Sun, Jul 11, 2010 at 12:27 PM, Eran Hammer-Lahav wrote:
> [this has noting to do with realm]
>
> Any solution should be:
>
> - Extensible – we removed the few discovery parameters from the core spec
> due to lack of maturity and consensus. However, we clearly have enough
> strong interest in re
[this has noting to do with realm]
Any solution should be:
- Extensible - we removed the few discovery parameters from the core spec due
to lack of maturity and consensus. However, we clearly have enough strong
interest in reintroducing them as extensions. The WWW-Authenticate header is
the na
+1. James states two important requirements (don't stand in the way of dynamic
config, provide end-user authz endpoint at a minimum) we need to meet, whatever
we pick.
Eve
On 11 Jul 2010, at 6:12 AM, Manger, James H wrote:
> Brian,
>
>> Or even just:
>>
>> WWW-Authenticate: OAuth2
>>
Brian,
> Or even just:
>
> WWW-Authenticate: OAuth2
>
> Seriously.
I seriously hope not.
It gives no chance for a client to work with a service without being
pre-configured with a whole lot of service-specific knowledge -- in addition to
an app-id/password.
I don't think a realm parameter adds
You mean the syntax used by most HTTP headers? There is clearly a need for
adding extensions.
EHL
On Jul 11, 2010, at 2:55, Brian Eaton wrote:
> On Sun, Jun 27, 2010 at 6:51 PM, Eran Hammer-Lahav
> wrote:
>> 1. Leave it as required under the definition of RFC 2617 (i.e. provide no
>> help, d
On Sat, Jul 10, 2010 at 11:55 PM, Brian Eaton wrote:
>
> Let's use a format like this:
>
> WWW-Authenticate: OAuth2 base64()
>
> Or even just:
>
> WWW-Authenticate: OAuth2
>
> Seriously.
Looks good. Doesn't matter which the WG picks.
> 1) dropping the name="value" syntax won't break the internet
On Sun, Jun 27, 2010 at 6:51 PM, Eran Hammer-Lahav wrote:
> 1. Leave it as required under the definition of RFC 2617 (i.e. provide no
> help, developers will need to ready 2617 and figure out what to do with it).
>
> 2. Update 2617 to remove the requirement – this is not going to be easy or
> poss
+1 (for #3->#4)
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Torsten Lodderstedt
Sent: Monday, June 28, 2010 11:08 AM
To: Dick Hardt
Cc: OAuth WG (oauth@ietf.org)
Subject: Re: [OAUTH-WG] What to do about 'realm'
+1
Am 28.06.2010 07:37, schrieb Dick
+1
Am 28.06.2010 07:37, schrieb Dick Hardt:
I vote for (3) unless a good (4) is suggested.
On 2010-06-27, at 6:51 PM, Eran Hammer-Lahav wrote:
Over the past year many people expressed concerns about the use of
the ‘realm’ WWW-Authenticate header parameter. The parameter is
defined in RFC 261
#3 +1
> 2010/6/28 Dick Hardt :
> > I vote for (3) unless a good (4) is suggested.
> > On 2010-06-27, at 6:51 PM, Eran Hammer-Lahav wrote:
> >
> > Over the past year many people expressed concerns about the
> use of the
> > 'realm' WWW-Authenticate header parameter. The parameter is
> defined in
On 28/06/2010 06:37, Dick Hardt wrote:
> I vote for (3) unless a good (4) is suggested.
Ditto.
p
> On 2010-06-27, at 6:51 PM, Eran Hammer-Lahav wrote:
>
>> Over the past year many people expressed concerns about the use of the
>> ‘realm’ WWW-Authenticate header parameter. The parameter is defi
+1
2010/6/28 Dick Hardt :
> I vote for (3) unless a good (4) is suggested.
> On 2010-06-27, at 6:51 PM, Eran Hammer-Lahav wrote:
>
> Over the past year many people expressed concerns about the use of the
> ‘realm’ WWW-Authenticate header parameter. The parameter is defined in RFC
> 2617 as require
I vote for (3) unless a good (4) is suggested.
On 2010-06-27, at 6:51 PM, Eran Hammer-Lahav wrote:
> Over the past year many people expressed concerns about the use of the
> ‘realm’ WWW-Authenticate header parameter. The parameter is defined in RFC
> 2617 as required, and is allowed to have sch
Over the past year many people expressed concerns about the use of the 'realm'
WWW-Authenticate header parameter. The parameter is defined in RFC 2617 as
required, and is allowed to have scheme-specific structure.
We have a few options:
1. Leave it as required under the definition of RFC 2617 (
21 matches
Mail list logo
