Re: [OAUTH-WG] Rechartering

Eran Hammer-Lahav <> Thu, 20 October 2011 17:58 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C32E721F8BA6 for <>; Thu, 20 Oct 2011 10:58:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.468
X-Spam-Status: No, score=-2.468 tagged_above=-999 required=5 tests=[AWL=0.131, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 79rNxcl50Xuj for <>; Thu, 20 Oct 2011 10:58:21 -0700 (PDT)
Received: from ( []) by (Postfix) with SMTP id 471E721F8B74 for <>; Thu, 20 Oct 2011 10:58:12 -0700 (PDT)
Received: (qmail 20560 invoked from network); 20 Oct 2011 17:58:12 -0000
Received: from unknown (HELO ( by with SMTP; 20 Oct 2011 17:58:11 -0000
Received: from P3PW5EX1MB01.EX1.SECURESERVER.NET ([]) by P3PW5EX1HT002.EX1.SECURESERVER.NET ([]) with mapi; Thu, 20 Oct 2011 10:58:05 -0700
From: Eran Hammer-Lahav <>
To: "Richer, Justin P." <>, Barry Leiba <>, OAuth WG <>
Date: Thu, 20 Oct 2011 10:57:56 -0700
Thread-Topic: [OAUTH-WG] Rechartering
Thread-Index: AQHMjuZUxOCzG5jjVkyNkG8gNxk6H5WFg2oAgAAl6AD//8HAeIAAFcWg
Message-ID: <90C41DD21FB7C64BB94121FBBC2E723452631E9128@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <> <>, <> <B33BFB58CCC8BE4998958016839DE27EB414@IMCMBX01.MITRE.ORG>
In-Reply-To: <B33BFB58CCC8BE4998958016839DE27EB414@IMCMBX01.MITRE.ORG>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Rechartering
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 20 Oct 2011 17:58:21 -0000

This is not how the IETF, or for that matter, any standards body operates. Working groups must be focused with a clearly defined purpose. For example, JWT is a large enough effort and clear enough to form a working group today - just go ahead and propose it. JWT has OAuth binding but it is not part of OAuth. JWT to OAuth is what WebDAV is to HTTP.

It is not enough to have critical mass for each document if there isn't a significant overlap in audience across each. Trying to do too much at the same times creates list noise and really forces those with day jobs not dedicated to standards to leave the WG.

Bundling efforts makes sense when they are small enough and can be finished in a short period of time. Some of these documents can also live on the list but not become official WG documents. Take a look at HTTPbis - they have a clear charter and set of documents but the list is discussing about a dozen of other individual submissions, some from the editors and chair of the WG, without any problem or heavy handed process.


> -----Original Message-----
> From: [] On Behalf
> Of Richer, Justin P.
> Sent: Thursday, October 20, 2011 9:31 AM
> To: Barry Leiba; OAuth WG
> Subject: Re: [OAUTH-WG] Rechartering
> I think it will be true that the whole working group won't be focusing on all
> documents at the same time, much in the same way that different subsets of
> our current WG have focused on things like the security document or SAML
> bindings. In this fashion, I believe we'll be able to pull expertise from
> different sectors to produce a family of documents that live in an ecosystem
> around OAuth.
> For many of these documents, even though they're not directly OAuth
> pieces (like JWT), but where else should they live? This may not be The Way
> That IETF Does It (I'm honestly not sure), but in my opinion, as long as each
> document has a dedicated editor and at least some interaction/support with
> the group we can handle many of these smaller items.
>  -- Justin
> ________________________________________
> From: [] on behalf of Barry
> Leiba []
> Sent: Thursday, October 20, 2011 12:05 PM
> To: OAuth WG
> Subject: Re: [OAUTH-WG] Rechartering
> > do we have the band width to work on all these items, as some are big
> > and some are fairly small and contained. May have to have some
> > prioritized list of where people think these fit.
> Yes, exactly.  And one of the things we'd like to hear from all of you is what
> your priorities are... how you would prioritize the list.
> Barry, chair-like object
> _______________________________________________
> OAuth mailing list
> _______________________________________________
> OAuth mailing list