Re: [OAUTH-WG] OAuth WG Re-Chartering
Eran Hammer <eran@hueniverse.com> Wed, 21 March 2012 20:37 UTC
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1261F21E812D for <oauth@ietfa.amsl.com>; Wed, 21 Mar 2012 13:37:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.528
X-Spam-Level:
X-Spam-Status: No, score=-2.528 tagged_above=-999 required=5 tests=[AWL=0.071, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id re762I9dMUbz for <oauth@ietfa.amsl.com>; Wed, 21 Mar 2012 13:37:01 -0700 (PDT)
Received: from p3plex1out01.prod.phx3.secureserver.net (p3plex1out01.prod.phx3.secureserver.net [72.167.180.17]) by ietfa.amsl.com (Postfix) with SMTP id D6C8321E8129 for <oauth@ietf.org>; Wed, 21 Mar 2012 13:37:00 -0700 (PDT)
Received: (qmail 11034 invoked from network); 21 Mar 2012 20:36:57 -0000
Received: from unknown (HELO p3plex2out02.prod.phx3.secureserver.net) (184.168.131.14) by p3plex1out01.prod.phx3.secureserver.net with SMTP; 21 Mar 2012 20:36:57 -0000
Received: from P3PW5EX1HT004.EX1.SECURESERVER.NET ([72.167.180.46]) by p3plex2out02.prod.phx3.secureserver.net with bizsmtp id oLcK1i00110TkE001LcxUP; Wed, 21 Mar 2012 13:36:57 -0700
Received: from P3PW5EX1MB01.EX1.SECURESERVER.NET ([10.6.135.20]) by P3PW5EX1HT004.EX1.SECURESERVER.NET ([72.167.180.134]) with mapi; Wed, 21 Mar 2012 13:35:32 -0700
From: Eran Hammer <eran@hueniverse.com>
To: John Bradley <ve7jtb@ve7jtb.com>, Torsten Lodderstedt <torsten@lodderstedt.net>
Date: Wed, 21 Mar 2012 13:35:24 -0700
Thread-Topic: [OAUTH-WG] OAuth WG Re-Chartering
Thread-Index: Ac0HnyBv3UQ8vwznThKhS+qrQhGj4wAAuWVA
Message-ID: <90C41DD21FB7C64BB94121FBBC2E723453AFF08FD3@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <B327D847-B059-41D7-A468-8B8A5DB8BFCE@gmx.net> <CAAz=scnGaFzNNHv1xEQa0hCiA2gup_J_86HyzCnd7P0YTqfFxw@mail.gmail.com> <999913AB42CC9341B05A99BBF358718D01382ADC@FIESEXC035.nsn-intra.net> <90C41DD21FB7C64BB94121FBBC2E723453AFF089FE@P3PW5EX1MB01.EX1.SECURESERVER.NET> <4F6A2D9E.3050503@lodderstedt.net> <9E23B8E0-057F-42C1-807D-36F35690C7B2@ve7jtb.com>
In-Reply-To: <9E23B8E0-057F-42C1-807D-36F35690C7B2@ve7jtb.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Mar 2012 20:37:02 -0000
As a general rule, we should not add any item to the charter unless there is a well-reviewed (and well-received) draft available as the basis for future work, as well as at least one editor for the task. EH > -----Original Message----- > From: John Bradley [mailto:ve7jtb@ve7jtb.com] > Sent: Wednesday, March 21, 2012 12:53 PM > To: Torsten Lodderstedt > Cc: Eran Hammer; oauth@ietf.org > Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering > > I don't think dynamic registration completely removes the need for a public > client, that can't keep secrets. > > While we did do dynamic client registration for Connect that is a more > constrained use case. > I would put JWT and AS-RS communication as higher priorities than dynamic > registration. > Partially because they are more self contained issues. > > John B. > On 2012-03-21, at 4:35 PM, Torsten Lodderstedt wrote: > > > In my opinion, dynamic client registration would allow us to drop public > client thus simplifying the core spec. > > > > regards, > > Torsten. > > > > Am 15.03.2012 16:00, schrieb Eran Hammer: > >> I believe most do, except for the dynamic client registration. I don't have > strong objections to it, but it is the least important and least defined / > deployed proposal on the list. The AS->RS work is probably simpler and more > useful at this point. > >> > >> EH > >> > >>> -----Original Message----- > >>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On > Behalf > >>> Of Tschofenig, Hannes (NSN - FI/Espoo) > >>> Sent: Thursday, March 15, 2012 4:47 AM > >>> To: ext Blaine Cook; Hannes Tschofenig > >>> Cc: oauth@ietf.org > >>> Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering > >>> > >>> Hi Blaine, > >>> > >>> These are indeed good requirements you stated below. > >>> > >>> When you look at the list of topics do you think that the proposed items > >>> indeed fulfill them? > >>> > >>> Ciao > >>> Hannes > >>> > >>> > >>>> -----Original Message----- > >>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On > Behalf > >>>> Of ext Blaine Cook > >>>> Sent: Thursday, March 15, 2012 1:31 PM > >>>> To: Hannes Tschofenig > >>>> Cc: oauth@ietf.org WG > >>>> Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering > >>>> > >>>> On 14 March 2012 20:21, Hannes Tschofenig > >>> <hannes.tschofenig@gmx.net> > >>>> wrote: > >>>>> So, here is a proposal: > >>>>> > >>>>> [Editor's Note: New work for the group. 5 items maximum! ] > >>>>> > >>>>> Aug. 2012 Submit 'Token Revocation' to the IESG for consideration > >>>> as a Proposed Standard > >>>>> Nov. 2012 Submit 'JSON Web Token (JWT)' to the IESG for > >>>> consideration as a Proposed Standard > >>>>> Nov. 2012 Submit 'JSON Web Token (JWT) Bearer Token Profiles for > >>>> OAuth 2.0' to the IESG for consideration > >>>>> Jan. 2013 Submit 'OAuth Dynamic Client Registration Protocol' to > >>>> the IESG for consideration as a Proposed Standard > >>>>> Sep. 2012 Submit 'OAuth Use Cases' to the IESG for consideration > >>>> as an Informational RFC > >>>> > >>>> This looks great to me. > >>>> > >>>> I have serious concerns about feature-creep, and think that the OAuth > >>>> WG should strongly limit its purview to these issues. In general, I > >>>> think it prudent for this working group in particular to consider > >>>> standardisation of work only under the following criteria: > >>>> > >>>> 1. Proposals must have a direct relationship to the mechanism of OAuth > >>>> (and not, specifically, bound to an application-level protocol). > >>>> 2. Proposals must have significant adoption in both enterprise and > >>>> startup environments. > >>>> 3. Any proposal must be driven based on a consideration of the > >>>> different approaches, as adopted in the wild, and strive to be a > >>>> better synthesis of those approaches, not a means to an end. > >>>> > >>>> These are the constraints with which I started the OAuth project, and > >>>> they're more relevant than ever. I'd hate to see OAuth fail in the end > >>>> because of a WS-*-like death by standards-pile-on. > >>>> > >>>> b. > >>>> _______________________________________________ > >>>> OAuth mailing list > >>>> OAuth@ietf.org > >>>> https://www.ietf.org/mailman/listinfo/oauth > >>> _______________________________________________ > >>> OAuth mailing list > >>> OAuth@ietf.org > >>> https://www.ietf.org/mailman/listinfo/oauth > >> _______________________________________________ > >> OAuth mailing list > >> OAuth@ietf.org > >> https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] OAuth WG Re-Chartering Hannes Tschofenig
- Re: [OAUTH-WG] OAuth WG Re-Chartering Igor Faynberg
- Re: [OAUTH-WG] OAuth WG Re-Chartering Eran Hammer
- Re: [OAUTH-WG] OAuth WG Re-Chartering Richer, Justin P.
- Re: [OAUTH-WG] OAuth WG Re-Chartering Mike Jones
- Re: [OAUTH-WG] OAuth WG Re-Chartering Eran Hammer
- Re: [OAUTH-WG] OAuth WG Re-Chartering Richer, Justin P.
- Re: [OAUTH-WG] OAuth WG Re-Chartering Eran Hammer
- Re: [OAUTH-WG] OAuth WG Re-Chartering Anthony Nadalin
- Re: [OAUTH-WG] OAuth WG Re-Chartering Eran Hammer
- Re: [OAUTH-WG] OAuth WG Re-Chartering Nat Sakimura
- Re: [OAUTH-WG] OAuth WG Re-Chartering Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [OAUTH-WG] OAuth WG Re-Chartering Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [OAUTH-WG] OAuth WG Re-Chartering Paul Madsen
- Re: [OAUTH-WG] OAuth WG Re-Chartering John Bradley
- Re: [OAUTH-WG] OAuth WG Re-Chartering Paul Madsen
- Re: [OAUTH-WG] OAuth WG Re-Chartering Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [OAUTH-WG] OAuth WG Re-Chartering John Bradley
- Re: [OAUTH-WG] OAuth WG Re-Chartering Blaine Cook
- Re: [OAUTH-WG] OAuth WG Re-Chartering Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [OAUTH-WG] OAuth WG Re-Chartering Paul Madsen
- Re: [OAUTH-WG] OAuth WG Re-Chartering Richer, Justin P.
- Re: [OAUTH-WG] OAuth WG Re-Chartering Paul Madsen
- Re: [OAUTH-WG] OAuth WG Re-Chartering Eran Hammer
- Re: [OAUTH-WG] OAuth WG Re-Chartering Zeltsan, Zachary (Zachary)
- Re: [OAUTH-WG] OAuth WG Re-Chartering Mike Jones
- Re: [OAUTH-WG] OAuth WG Re-Chartering Blaine Cook
- Re: [OAUTH-WG] OAuth WG Re-Chartering John Bradley
- Re: [OAUTH-WG] OAuth WG Re-Chartering Phil Hunt
- Re: [OAUTH-WG] OAuth WG Re-Chartering John Bradley
- Re: [OAUTH-WG] OAuth WG Re-Chartering Torsten Lodderstedt
- Re: [OAUTH-WG] OAuth WG Re-Chartering Torsten Lodderstedt
- Re: [OAUTH-WG] OAuth WG Re-Chartering Torsten Lodderstedt
- Re: [OAUTH-WG] OAuth WG Re-Chartering John Bradley
- Re: [OAUTH-WG] OAuth WG Re-Chartering Eran Hammer
- Re: [OAUTH-WG] OAuth WG Re-Chartering George Fletcher
- Re: [OAUTH-WG] OAuth WG Re-Chartering Torsten Lodderstedt
- Re: [OAUTH-WG] OAuth WG Re-Chartering Torsten Lodderstedt
- Re: [OAUTH-WG] OAuth WG Re-Chartering John Bradley
- Re: [OAUTH-WG] OAuth WG Re-Chartering George Fletcher
- Re: [OAUTH-WG] OAuth WG Re-Chartering Mike Jones
- Re: [OAUTH-WG] OAuth WG Re-Chartering Phil Hunt
- Re: [OAUTH-WG] OAuth WG Re-Chartering Eran Hammer
- Re: [OAUTH-WG] OAuth WG Re-Chartering John Bradley
- Re: [OAUTH-WG] OAuth WG Re-Chartering Phil Hunt
- Re: [OAUTH-WG] OAuth WG Re-Chartering Mike Jones
- Re: [OAUTH-WG] OAuth WG Re-Chartering Justin Richer
- Re: [OAUTH-WG] OAuth WG Re-Chartering Phil Hunt