Re: [OAUTH-WG] Rechartering

Igor Faynberg <> Tue, 14 September 2010 09:41 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 74AD13A68A5 for <>; Tue, 14 Sep 2010 02:41:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.494
X-Spam-Status: No, score=-2.494 tagged_above=-999 required=5 tests=[AWL=0.105, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id s8eYk44uOk9i for <>; Tue, 14 Sep 2010 02:41:22 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id B84413A6822 for <>; Tue, 14 Sep 2010 02:41:21 -0700 (PDT)
Received: from ( []) by (8.13.8/IER-o) with ESMTP id o8E9fjNj022156 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 14 Sep 2010 04:41:45 -0500 (CDT)
Received: from [] ( []) by (8.13.8/TPES) with ESMTP id o8E9fhFU027767; Tue, 14 Sep 2010 04:41:44 -0500 (CDT)
Message-ID: <>
Date: Tue, 14 Sep 2010 05:41:43 -0400
From: Igor Faynberg <>
Organization: Alcatel-Lucent
User-Agent: Thunderbird (Windows/20100228)
MIME-Version: 1.0
To: Hannes Tschofenig <>
References: <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.57 on
Subject: Re: [OAUTH-WG] Rechartering
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 14 Sep 2010 09:41:23 -0000


Many thanks for putting this together.

First, I strongly believe that the work that had already been identified 
important and had started needs to be finished, and to this end I 
consider the item that Torsten had brought forth, on *token revocation*, 
to be of the highest priority. We have had a useful and comprehensive 
discussion on the list, with quite democratic "vote" for options, and 
Torsten has a draft. (Note that the options I "voted" for were not 
accepted, but I am very happy with the process, and I will review the 
drafts--and contribute to it whenever needed.) Again, to me the this is 
a single most important item that needs to be completed, and I believe 
that it can be completed fairly quickly.

Second, I am interested in the SAML interworking item. This will help 
with moving OAuth into enterprise and possibly telecom, too. Again, I 
plan to review and comment--and contribute, if required--on this item.

Third, I think the implementers guide is  absolutely essential. 
(Interestingly enough, the discussion of white spaces vs. commas in 
yesterday's thread has effectively started this work.) In my opinion, 
this item must be carried in parallel with others. I wonder if this 
should be tied up with use cases. The use cases drive the protocol 
definition and then effectively become the testing tool for the 
protocol. Thus, for every use case, the guide could show an example 

Fourth, of course, I am interested in "identity management using OAuth."

This is not to say that I am not interested in the rest of the items. (I 
am, and I could have listed them as the fifth item.) This is only my 
personal view on priorities.

Hannes Tschofenig wrote:
> I forgot an item already, namely 'identity management using OAuth' in 
> the style of OpenID Connect.
> At IIW we also had a chat about an implementers guide and 
> interoperability tests. The idea of the implementers guide is create a 
> living document that captures implementation experience with different 
> programming languages and development frameworks. It was also expected 
> that implementers will bundle different profiles and different 
> extensions in their implementation and it would be useful to describe 
> their experience.
> In any case, I think both items are important.
> Ciao
> Hannes
> On 11.09.2010 19:59, Hannes Tschofenig wrote:
>> Hi all,
>> at the Washington Internet Identity Workshop we had the chance to chat
>> about OAuth. Given the progress on the main specification we should
>> discuss WG re-chartering.
>> The following items had been proposed at the meeting:
>> * Messaging Signing
>> Example: 
>> * User Experience Extensions
>> Example:
>> * Artifact Binding
>> Example:
>> * SAML for OAuth
>> Example:
>> * Recommendations of commonly used Scope values
>> No draft available (to my knowledge)
>> * Dynamic Client Registration
>> Example:
>> I am interested to hear
>> a) what items are important for you; we cannot work on everything at the
>> same time.
>> b) what items are you willing to co-author (requires a hard time
>> commitment)
>> c) what items are you willing to review
>> d) whether we should consider other items?
>> Btw, to have your work considered you have to submit an IETF draft.
>> Please use the Web tool to upload it:
>> Also use the following filename convention:
>> draft-[author last name]-oauth-[some short name]-[version#].txt
>> Ciao
>> Hannes
>> _______________________________________________
>> OAuth mailing list
> _______________________________________________
> OAuth mailing list