Meant to send this note yesterday and forgot to press Send: Note that a permission ticket request is in JSON anyway <https://docs.kantarainitiative.org/uma/wg/oauth-uma-federated-authz-2.0-08.html#rfc.section.4.1>. We switched to using the "parameter" language because OAuth does (even for JSON responses). We could add something clarifying (it would be editorial, I think) if we think it's warranted for other cases, but for your case, Mike, it's already covered. *Eve Maler*Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl On Wed, Oct 4, 2017 at 8:28 AM, Mike Schwartz <mike@gluu.org> wrote:
Does it make sense to add: "Other parameters MAY be sent."
The OpenID Authn request explicitly states this, and it's just clarifying.
- Mike
On 2017-10-03 08:17, Justin Richer wrote:
You can try to prevent it, but people would ignore that and do it anyway in practice. :)
-- Justin
On 10/2/2017 4:47 PM, Eve Maler wrote:
We're explicit about being able to extend JSON structures in Sec 1.1
of each spec, but that's almost a courtesy. (That dated from the era of request messages all being in JSON, vs. our more OAuth-oriented outlook now.) Can we even prevent adding extension parameters?
Eve Maler Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
On Mon, Oct 2, 2017 at 10:32 PM, Mike Schwartz <mike@gluu.org> wrote:
UMA Gurus,
https://docs.kantarainitiative.org/uma/ed/oauth-uma- federated-authz-2.0-07.html#rfc.section.4.1
[1]
Section 4.1 Resource Server Request to Permission Endpoint says "it has the following parameters".
Can it have extra parameters?
The OpenID Connect Core authentication request spec says "Other parameters MAY be sent."
- Mike
-- ------------------------ Michael Schwartz Gluu Founder / CEO mike@gluu.org https://www.linkedin.com/in/nynymike/ [2] _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma [3]
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
Links: ------ [1] https://docs.kantarainitiative.org/uma/ed/oauth-uma- federated-authz-2.0-07.html#rfc.section.4.1 [2] https://www.linkedin.com/in/nynymike/ [3] https://kantarainitiative.org/mailman/listinfo/wg-uma
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma