IETF Logo Mail Archive

Re: [oauth] Updated Charter Text

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 18 February 2009 14:38 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DBEC928C104 for <oauth@core3.amsl.com>; Wed, 18 Feb 2009 06:38:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.293
X-Spam-Level:
X-Spam-Status: No, score=-0.293 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_COM=0.553, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7lEuh4iwZ8e7 for <oauth@core3.amsl.com>; Wed, 18 Feb 2009 06:38:48 -0800 (PST)
Received: from mail.newbay.com (87-198-172-198.ptr.magnet.ie [87.198.172.198]) by core3.amsl.com (Postfix) with ESMTP id C45A63A6D2A for <oauth@ietf.org>; Wed, 18 Feb 2009 06:38:47 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.newbay.com (Postfix) with ESMTP id D434E1004159B; Wed, 18 Feb 2009 14:38:58 +0000 (GMT)
X-Virus-Scanned: amavisd-new at newbay.com
Received: from mail.newbay.com ([127.0.0.1]) by localhost (mail.newbay.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6NcPMdm6nQFM; Wed, 18 Feb 2009 14:38:58 +0000 (GMT)
Received: from [192.168.3.55] (unknown [192.168.3.55]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.newbay.com (Postfix) with ESMTP id B5F921003F4C7; Wed, 18 Feb 2009 14:38:55 +0000 (GMT)
Message-ID: <499C1E37.6030105@cs.tcd.ie>
Date: Wed, 18 Feb 2009 14:41:59 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Thunderbird 2.0.0.16 (X11/20080707)
MIME-Version: 1.0
To: Blaine Cook <romeda@gmail.com>
References: <3D3C75174CB95F42AD6BCC56E5555B4501102F3B@FIESEXC015.nsn-intra.net> <499BEC9E.10704@cs.tcd.ie> <3D3C75174CB95F42AD6BCC56E5555B4501103309@FIESEXC015.nsn-intra.net> <d37b4b430902180601g16d44196n33d599a817041677@mail.gmail.com>
In-Reply-To: <d37b4b430902180601g16d44196n33d599a817041677@mail.gmail.com>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>, oauth@ietf.org
Subject: Re: [oauth] Updated Charter Text
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Oauth bof discussion <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Feb 2009 14:38:49 -0000

Blaine Cook wrote:
> On Wed, Feb 18, 2009 at 1:47 PM, Tschofenig, Hannes (NSN - FI/Espoo)
> <hannes.tschofenig@nsn.com> wrote:
>> Hi Stephen,
>>
>> you are a tough negotiator :-)
>>
>> I think Blaine tried to capture it with the following bullet:
>> "
>> * Alternate token exchange profiles.
>> "

I didn't get that when I read it.

> Correct ;-) There are a few other approaches to exchanging tokens that
> may be useful in different contexts, and I don't want to close the
> door on those if people care about them. I absolutely consider the
> mobile/challenged device use case as critical to address either in the
> core spec or, if that's not possible, as an alternate token exchange
> profile.

Good. Me too:-)

>> Would adding something like the sentence below make you happier?
>>
>> "
>> For example, profiles that take challenged devices and aggregators into
>> account allowing for the client to directly acquire an access token from
>> a set of credentials.
>> "

That'd do it for me. If you're both ok with adding that you
can stop reading now:-)

> I'm weary about being too specific. I appreciate that there is an I-D,
> but there are also several OAuth extension specs that are well
> documented and in active use in the wild, but do not have specific
> attention in the charter. 

Sure. OTOH, anyone can write an I-D and that is the IETF
process, so one shouldn't be penalised for actually doing
the right thing, right?

I'll be interested in seeing how many of those other
extensions get pushed into the IETF process. As of now,
that's zero. So there's a justification for this use
case (which we agree is critical) to be called out
up front. (And to be clear, the reason I'm hammering
on this is so that the WG can choose to adopt an
I-D on the topic without first rechartering.)

> I also worry that we haven't properly
> evaluated the case history nor have we attempted to outline what other
> approaches are possible and discuss the various trade-offs. Committing
> to a single profile and use case without a proper discussion and clear
> consensus seems backwards to me.

I've no problem with that. Even if our I-D is named in
the charter, there's no guarantee that it gets adopted by
the WG and the proposed charter text I sent doesn't
assume that it will be adopted. Its quite common for
there to be a number of draft-author-foo drafts only
one of which becomes draft-ietf-wg-foo and that's
just fine. From my POV the important thing is that the
WG is chartered to address the use case. Our I-D
is currently just one approach.

> My current feeling on the matter is that we have a charter which
> provides ample room for discussion and implementation of the
> accesstoken-creds I-D, without explicitly committing to it (which is
> something I'm personally not prepared to do, and my impression is that
> few are or will be until we have the core OAuth work complete).

And I wouldn't, and didn't, ask for that.

Stephen.

> 
> b.
>

v2.23.0 | Report a Bug | By Email