Re: [OAUTH-WG] Rechartering

What possible rational is there for SWD to belong in the OAuth working group and in the security area?

EHL

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Mike Jones
> Sent: Thursday, October 20, 2011 12:12 PM
> To: Hannes Tschofenig; OAuth WG
> Subject: Re: [OAUTH-WG] Rechartering
> 
> Thanks, Hannes.  Here's my prioritized list of new work:
> 
> 1.  JSON Web Token (JWT)
> 2.  Simple Web Discovery (SWD)
> 3.  JSON Web Token (JWT) Bearer Token Profile
> 4.  Token Revocation
> 
> My prioritized list of existing work items to complete after the core and
> bearer specs are:
> 
> A.  Assertions Specification
> B.  SAML Bearer Token Profile
> 
> I am ambivalent about whether the working group takes on most of the
> other work items.
> 
> Responding to Eran's comments on SWD versus host-meta, these specs have
> significantly different goals and use substantially different mechanisms with
> different privacy characteristics.  Also, if you compare the relative complexity
> of the example at http://tools.ietf.org/html/draft-hammer-hostmeta-
> 17#appendix-A versus the example at http://tools.ietf.org/html/draft-jones-
> simple-web-discovery-01#section-1, you can see why SWD was chosen for
> use in OpenID Connect to discover OAuth authorization and resource server
> endpoints.
> 
> 				-- Mike
> 
> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Hannes Tschofenig
> Sent: Wednesday, October 19, 2011 10:09 PM
> To: OAuth WG
> Subject: [OAUTH-WG] Rechartering
> 
> Hi all,
> 
> in preparation of the upcoming IETF meeting Barry and I would like to start a
> re-chartering discussion.  We both are currently attending the Internet
> Identity Workshop and so we had the chance to solicit input from the
> participants. This should serve as a discussion starter.
> 
> Potential future OAuth charter items (in random order):
> 
> ----------------
> 
> 1) Dynamic Client Registration Protocol
> 
> Available document:
> http://datatracker.ietf.org/doc/draft-hardjono-oauth-dynreg/
> 
> 2) Token Revocation
> 
> Available document:
> http://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/
> 
> 3) UMA
> 
> Available document:
> http://datatracker.ietf.org/doc/draft-hardjono-oauth-umacore/
> 
> 4) Client Instance Extension
> 
> Available document:
> http://tools.ietf.org/id/draft-richer-oauth-instance-00.txt
> 
> 5) XML Encoding
> 
> Available document:
> http://tools.ietf.org/id/draft-richer-oauth-xml-00.txt
> 
> 6) JSON Web Token
> 
> Available document:
> http://tools.ietf.org/html/draft-jones-json-web-token-05
> 
> 7) JSON Web Token (JWT) Bearer Profile
> 
> Available document:
> http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-00
> 
> 8) User Experience Extension
> 
> Available document:
> http://tools.ietf.org/html/draft-recordon-oauth-v2-ux-00
> 
> 9) Request by Reference
> 
> Available document:
> http://tools.ietf.org/html/draft-sakimura-oauth-requrl-00
> 
> 10) Simple Web Discovery
> 
> Available document:
> http://tools.ietf.org/html/draft-jones-simple-web-discovery-00
> 
> ----------------
> 
> We have the following questions:
> 
> a) Are you interested in any of the above-listed items? (as a reviewer, co-
> author, implementer, or someone who would like to deploy). It is also useful
> to know if you think that we shouldn't work on a specific item.
> 
> b) Are there other items you would like to see the group working on?
> 
> Note: In case your document is expired please re-submit it.
> 
> Ciao
> Hannes & Barry
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth