IETF Logo Mail Archive

Re: [OAUTH-WG] First draft of OAuth 2.0

Eve Maler <eve@xmlgrrl.com> Wed, 24 March 2010 18:07 UTC

Return-Path: <eve@xmlgrrl.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5FACD3A6D84 for <oauth@core3.amsl.com>; Wed, 24 Mar 2010 11:07:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.437
X-Spam-Level: **
X-Spam-Status: No, score=2.437 tagged_above=-999 required=5 tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13, FROM_DOMAIN_NOVOWEL=0.5, SARE_URI_CONS7=0.306, URI_NOVOWEL=0.5]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NvjCsJfjmQzh for <oauth@core3.amsl.com>; Wed, 24 Mar 2010 11:07:21 -0700 (PDT)
Received: from mail.promanage-inc.com (eliasisrael.com [98.111.84.13]) by core3.amsl.com (Postfix) with ESMTP id 531AA3A6D89 for <oauth@ietf.org>; Wed, 24 Mar 2010 11:07:21 -0700 (PDT)
Received: from [192.168.168.198] ([192.168.168.198]) (authenticated bits=0) by mail.promanage-inc.com (8.14.3/8.14.3) with ESMTP id o2OI7diu028640 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 24 Mar 2010 11:07:39 -0700
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset="us-ascii"
From: Eve Maler <eve@xmlgrrl.com>
In-Reply-To: <c47f68be1003240954u56067426mb475ac0f5fb96284@mail.gmail.com>
Date: Wed, 24 Mar 2010 11:07:39 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <1835B698-CB76-4FA2-9858-2CC88FD3DDF1@xmlgrrl.com>
References: <fd6741651003231047s419db471x98098a2e46aab168@mail.gmail.com> <C7CE5F03.28E6%cmortimore@salesforce.com> <fd6741651003231210j472652dayd2cb909605e93f9@mail.gmail.com> <146E0BB4-6ACD-4861-958D-948CB418BC6C@gmail.com> <c47f68be1003240954u56067426mb475ac0f5fb96284@mail.gmail.com>
To: Hans Granqvist <hans@granqvist.com>
X-Mailer: Apple Mail (2.1077)
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] First draft of OAuth 2.0
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Mar 2010 18:07:22 -0000

On 24 Mar 2010, at 9:54 AM, Hans Granqvist wrote:
> On Tue, Mar 23, 2010 at 9:44 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
>> ...
>> By keeping all profiles in one document, someone easily understands the different applications of the technology, and when a different use case comes up, they know it is available rather than having to look at a different document.
> 
> Yes. One doc rules since the spec + its delta changes are immediately obvious.
> 
> Multiple docs lead to unnecessary restating of facts, potential
> redefinitions of terms, versioning and feature creep clashes, visual
> hiding of complexity, scopes, etc. + you never know if you have the
> whole set of docs. Think WS-*.

On reflection, I agree (having contributed to the SAML proliferation-of-specs problem).  Any profiles that meet some threshold of interest -- say, more than one party asking for it -- and that are known prior to final publication would be good to include in one package.  There are editing, review, and approval overhead costs for every separate spec that this group itself publishes.  But it should also be clear how others can produce spinoff profile specs.  SAML offered guidelines for people writing third-party profiles and extensions, and a lighter-weight version of this might be nice to have on record if there's any complexity to it.

	Eve

Eve Maler
eve@xmlgrrl.com
http://www.xmlgrrl.com/blog

v2.23.0 | Report a Bug | By Email