IETF Logo Mail Archive

Re: [OAUTH-WG] OAuth WG Re-Chartering

Eran Hammer <eran@hueniverse.com> Thu, 15 March 2012 15:01 UTC

Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7B7E21F8652 for <oauth@ietfa.amsl.com>; Thu, 15 Mar 2012 08:01:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.537
X-Spam-Level:
X-Spam-Status: No, score=-2.537 tagged_above=-999 required=5 tests=[AWL=0.062, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l5Qk6mvVF952 for <oauth@ietfa.amsl.com>; Thu, 15 Mar 2012 08:01:07 -0700 (PDT)
Received: from p3plex1out02.prod.phx3.secureserver.net (p3plex1out02.prod.phx3.secureserver.net [72.167.180.18]) by ietfa.amsl.com (Postfix) with SMTP id 7027921F8732 for <oauth@ietf.org>; Thu, 15 Mar 2012 08:01:07 -0700 (PDT)
Received: (qmail 30974 invoked from network); 15 Mar 2012 15:01:07 -0000
Received: from unknown (HELO p3plex2out01.prod.phx3.secureserver.net) (184.168.131.12) by p3plex1out02.prod.phx3.secureserver.net with SMTP; 15 Mar 2012 15:01:07 -0000
Received: from P3PW5EX1HT002.EX1.SECURESERVER.NET ([72.167.180.20]) by p3plex2out01.prod.phx3.secureserver.net with bizsmtp id lr161i0040SoFT401r17BU; Thu, 15 Mar 2012 08:01:07 -0700
Received: from P3PW5EX1MB01.EX1.SECURESERVER.NET ([10.6.135.20]) by P3PW5EX1HT002.EX1.SECURESERVER.NET ([72.167.180.20]) with mapi; Thu, 15 Mar 2012 08:00:20 -0700
From: Eran Hammer <eran@hueniverse.com>
To: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>, ext Blaine Cook <romeda@gmail.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date: Thu, 15 Mar 2012 08:00:11 -0700
Thread-Topic: [OAUTH-WG] OAuth WG Re-Chartering
Thread-Index: Ac0CnzJzNsQfN7a4RL6KgAEUAk1PowAAfdrQAAbBvTA=
Message-ID: <90C41DD21FB7C64BB94121FBBC2E723453AFF089FE@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <B327D847-B059-41D7-A468-8B8A5DB8BFCE@gmx.net> <CAAz=scnGaFzNNHv1xEQa0hCiA2gup_J_86HyzCnd7P0YTqfFxw@mail.gmail.com> <999913AB42CC9341B05A99BBF358718D01382ADC@FIESEXC035.nsn-intra.net>
In-Reply-To: <999913AB42CC9341B05A99BBF358718D01382ADC@FIESEXC035.nsn-intra.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Mar 2012 15:01:09 -0000

I believe most do, except for the dynamic client registration. I don't have strong objections to it, but it is the least important and least defined / deployed proposal on the list. The AS->RS work is probably simpler and more useful at this point.

EH

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Tschofenig, Hannes (NSN - FI/Espoo)
> Sent: Thursday, March 15, 2012 4:47 AM
> To: ext Blaine Cook; Hannes Tschofenig
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering
> 
> Hi Blaine,
> 
> These are indeed good requirements you stated below.
> 
> When you look at the list of topics do you think that the proposed items
> indeed fulfill them?
> 
> Ciao
> Hannes
> 
> 
> > -----Original Message-----
> > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> > Of ext Blaine Cook
> > Sent: Thursday, March 15, 2012 1:31 PM
> > To: Hannes Tschofenig
> > Cc: oauth@ietf.org WG
> > Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering
> >
> > On 14 March 2012 20:21, Hannes Tschofenig
> <hannes.tschofenig@gmx.net>
> > wrote:
> > > So, here is a proposal:
> > >
> > > [Editor's Note: New work for the group. 5 items maximum! ]
> > >
> > > Aug. 2012    Submit 'Token Revocation' to the IESG for consideration
> > as a Proposed Standard
> > > Nov. 2012    Submit 'JSON Web Token (JWT)' to the IESG for
> > consideration as a Proposed Standard
> > > Nov. 2012    Submit 'JSON Web Token (JWT) Bearer Token Profiles for
> > OAuth 2.0' to the IESG for consideration
> > > Jan. 2013    Submit 'OAuth Dynamic Client Registration Protocol' to
> > the IESG for consideration as a Proposed Standard
> > > Sep. 2012    Submit 'OAuth Use Cases' to the IESG for consideration
> > as an Informational RFC
> >
> > This looks great to me.
> >
> > I have serious concerns about feature-creep, and think that the OAuth
> > WG should strongly limit its purview to these issues. In general, I
> > think it prudent for this working group in particular to consider
> > standardisation of work only under the following criteria:
> >
> > 1. Proposals must have a direct relationship to the mechanism of OAuth
> > (and not, specifically, bound to an application-level protocol).
> > 2. Proposals must have significant adoption in both enterprise and
> > startup environments.
> > 3. Any proposal must be driven based on a consideration of the
> > different approaches, as adopted in the wild, and strive to be a
> > better synthesis of those approaches, not a means to an end.
> >
> > These are the constraints with which I started the OAuth project, and
> > they're more relevant than ever. I'd hate to see OAuth fail in the end
> > because of a WS-*-like death by standards-pile-on.
> >
> > b.
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email