15 May 2012 18:33
Re: OAUTH/SASL and the format debate
Simon Josefsson <simon <at> josefsson.org>
2012-05-15 16:33:30 GMT
2012-05-15 16:33:30 GMT
William Mills <wmills <at> yahoo-inc.com> writes:
>>Why digits as keys? Some consistency with RFC 5801/RFC5802 would be
>>nice, so how about something like the following, in pseudo ABNF/regexp
>>language:
>>
>> key = [A-Za-z0-9_-]+
>> value = [^,]*
>> kvpair = key "=" value
>> msg = kvpair ("," kvpair)*
>>
>>This allows descriptive names for the "key" names.
>
>
> Descriptive key names I like. "=" instead of "SP" is fine too. Comma
> separated means that the authorization header value will have to be
> base64 encoded, and I'm not sure I'm a big fan of that. CRLF won't
> appear in the auth header.
>
> Re-using the parser from 5801/5802 is attractive though. Not sure
> what I prefer there.
Is there some other character that isn't used in authorization headers
that could be used as a separator?
I also dislike having to base64 encode values if it can be avoided.
Another option is to escape "," but escaping is often troublesome as
well.
What I don't like about CRLF is that in some environments you may end up
(Continue reading)
RSS Feed