Re: Oauth blog post

Tim Bray <tbray@textuality.com> Mon, 30 July 2012 03:00 UTC

I have not been involved in the OAuth design processes, but for the
last few months, I’ve been a heavy user of production OAuth2 software.
Which I felt gave me a platform to comment on the issue:
http://www.tbray.org/ongoing/When/201x/2012/07/28/Oauth2-dead

 -Tim

On Sun, Jul 29, 2012 at 2:57 PM, Hannes Tschofenig
<hannes.tschofenig@gmx.net> wrote:
> It sounds indeed great to involve those communities that use the technology. However, I don't see an easy way to accomplish that when we talk about a really large community.
>
> For example, many people use TLS and they are not all in the TLS WG working group. I am not even talking about providing useful input to the work (since you would have to be a security expert and some people just want to get their application development done as quickly as possible). They just use the library.
>
> OAuth is a bit similar in that direction. Ideally, we want Web application developers to just use a library and then add their application specific technology on top of it rather than having to read the IETF specification and to write the OAuth code themselves.
>
> On Jul 29, 2012, at 2:13 PM, Worley, Dale R (Dale) wrote:
>
>>> From: Hannes Tschofenig [hannes.tschofenig@gmx.net]
>>>
>>> Eran claims that enterprise identity management equipment manufacturers dominate the discussion.
>>
>> There's a common problem in the IETF that the development of a standard is dominated by companies that incorporate the standard into their products, whereas the people who "really should" be involved in the development are those who will *use* the standard in operation.
>>
>> Dale
>