IETF Logo Mail Archive

RE: Oauth blog post

"Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> Sun, 29 July 2012 18:15 UTC

Return-Path: <hannes.tschofenig@nsn.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A347C21F8458 for <ietf@ietfa.amsl.com>; Sun, 29 Jul 2012 11:15:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.658
X-Spam-Level:
X-Spam-Status: No, score=-106.658 tagged_above=-999 required=5 tests=[AWL=-0.060, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jU2dQ0CbpCgB for <ietf@ietfa.amsl.com>; Sun, 29 Jul 2012 11:15:04 -0700 (PDT)
Received: from demumfd001.nsn-inter.net (demumfd001.nsn-inter.net [93.183.12.32]) by ietfa.amsl.com (Postfix) with ESMTP id CF79F21F844A for <ietf@ietf.org>; Sun, 29 Jul 2012 11:15:03 -0700 (PDT)
Received: from demuprx017.emea.nsn-intra.net ([10.150.129.56]) by demumfd001.nsn-inter.net (8.12.11.20060308/8.12.11) with ESMTP id q6TIF0eZ001133 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sun, 29 Jul 2012 20:15:00 +0200
Received: from demuexc023.nsn-intra.net (demuexc023.nsn-intra.net [10.150.128.36]) by demuprx017.emea.nsn-intra.net (8.12.11.20060308/8.12.11) with ESMTP id q6TIF0hO030878; Sun, 29 Jul 2012 20:15:00 +0200
Received: from FIESEXC035.nsn-intra.net ([10.159.0.25]) by demuexc023.nsn-intra.net with Microsoft SMTPSVC(6.0.3790.4675); Sun, 29 Jul 2012 20:15:00 +0200
Received: from 10.159.32.94 ([10.159.32.94]) by FIESEXC035.nsn-intra.net ([10.159.0.182]) with Microsoft Exchange Server HTTP-DAV ; Sun, 29 Jul 2012 18:14:59 +0000
MIME-Version: 1.0
Message-ID: <0d5301cd6db6$1076c605$5e209f0a@nsnintra.net>
From: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
Subject: RE: Oauth blog post
thread-topic: Oauth blog post
thread-index: Ac1tthB24Z6oQOqmRg+jcL4cpUQqOw==
Date: Sun, 29 Jul 2012 11:14:58 -0700
To: ext SM <sm@resistor.net>, Yaron Sheffer <yaronf.ietf@gmail.com>, ietf@ietf.org
Content-Type: multipart/alternative; boundary="_76EBEBE8-A7CE-9131-53E1-9F03BF7D36DD_"; charset="iso-8859-1"
X-OriginalArrivalTime: 29 Jul 2012 18:15:00.0298 (UTC) FILETIME=[1128E2A0:01CD6DB6]
X-purgate-type: clean
X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de
X-purgate: clean
X-purgate: This mail is considered clean (visit http://www.eleven.de for further information)
X-purgate-size: 5857
X-purgate-ID: 151667::1343585701-000055D8-527DA60A/0-0/0-0
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Jul 2012 18:15:05 -0000

We are going to respond to Eran's blog post. We would like to respond with some real content instead of vague statements.

I would find it useful if anyone of you who likes to agree or disagree to have at least read the OAuth specification. I had noticed that many of those who share their valuable thoughts have not even spent the time to look at the document. 

Hannes

Sent from my Windows Phone

-----Original Message-----
From: ext SM
Sent: 7/29/2012 8:23 AM
To: Yaron Sheffer; ietf@ietf.org
Subject: Re: Oauth blog post

Hi Yaron,
At 05:52 AM 7/29/2012, Yaron Sheffer wrote:
>this blog post ( 
>http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/) 
>by the editor of OAuth 2.0 made the rounds of 
>the geek news outlets: Slashdot, CNet etc. I am 
>sure many people on this list have seen it. But 
>I have seen no reactions on this list, nor on 
>the SAAG list. Is this too unimportant to 
>discuss? Is there nothing we, as an organization, can learn from it?

OAuth2 is more within Apps than SAAG.  People 
discuss about topics they are interested instead 
of what you or I would consider as important.  I 
don't know whether the IETF learns anything from 
its failures.  It can always redefine failure so 
that it becomes known as success. :-)

It is to Eran's credit that he did not seek all 
the credit when he could have done so.  What I 
could learn from that is that "doing the right 
thing" will be forgotten when it is convenient to 
do so.  The WG Chairs did something unusual to 
try and resolve the situation.  That's in the 
mailing list archive for anyone to read if the 
person thinks that it is important.

I'll highlight the following:

   "[the] working group at the IETF started with 
strong web presence. But as the
    work dragged on (and on) past its first year, 
those web folks left along with
    every member of the original 1.0 community. 
The group that was left was largely
    all enterprise… and me."

It's not the first time that this occurs.  It is 
up to the IETF to assess whether it is detrimental to have such an outcome.

Regards,
-sm

v2.38.3 | Report a Bug | By Email | System Status