Re: [OAUTH-WG] First draft of OAuth 2.0

Eve Maler <eve@xmlgrrl.com> Mon, 22 March 2010 01:12 UTC

Return-Path: <eve@xmlgrrl.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CCF573A6997 for <oauth@core3.amsl.com>; Sun, 21 Mar 2010 18:12:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.437
X-Spam-Level: **
X-Spam-Status: No, score=2.437 tagged_above=-999 required=5 tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13, FROM_DOMAIN_NOVOWEL=0.5, SARE_URI_CONS7=0.306, URI_NOVOWEL=0.5]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 82vEd0racA3H for <oauth@core3.amsl.com>; Sun, 21 Mar 2010 18:12:03 -0700 (PDT)
Received: from mail.promanage-inc.com (eliasisrael.com [98.111.84.13]) by core3.amsl.com (Postfix) with ESMTP id F24023A6B15 for <oauth@ietf.org>; Sun, 21 Mar 2010 18:11:50 -0700 (PDT)
Received: from dhcp-wireless-open-abg-26-233.meeting.ietf.org (dhcp-wireless-open-abg-26-233.meeting.ietf.org [130.129.26.233] (may be forged)) (authenticated bits=0) by mail.promanage-inc.com (8.14.3/8.14.3) with ESMTP id o2M1Bw8f026565 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Sun, 21 Mar 2010 18:11:59 -0700
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset="us-ascii"
From: Eve Maler <eve@xmlgrrl.com>
In-Reply-To: <BFD74694-412D-47EB-9481-6E3CAD5D6E40@facebook.com>
Date: Sun, 21 Mar 2010 18:12:01 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <7477F0EE-4878-4D91-9DE2-7D013AFE415D@xmlgrrl.com>
References: <526C3C44-18CF-4A94-A4C6-72702F73AC83@facebook.com> <DEDA56D8-EF7C-4BD1-97E9-B9415424F328@xmlgrrl.com> <cb5f7a381003211253l19906650j5382a66116416016@mail.gmail.com> <BFD74694-412D-47EB-9481-6E3CAD5D6E40@facebook.com>
To: David Recordon <davidrecordon@facebook.com>
X-Mailer: Apple Mail (2.1077)
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] First draft of OAuth 2.0
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Mar 2010 01:12:04 -0000

On 21 Mar 2010, at 1:43 PM, David Recordon wrote:

> The goal of the, "the authorization server advertises (such as via documentation) the URIs of the following three endpoints" wording was to allow for a discovery process that is defined separately from this spec.  Is that unclear?  Have other words to propose?

So perhaps this wants to be a thin spec that can be combined with the OAuth core spec, if there's general interest in it.  (In the UMA spec, we were already in the position of making up some XRD to describe a couple of WRAP endpoints, along with UMA endpoints and metadata.  It would be nice to have a canonical version of the former, at the least.)

> 
> Eve, thanks for the detailed feedback!  Future email coming with commits or comments for each one.

Hopefully sometime before the actual meeting tomorrow, I'll respond with spec text ideas where you -- very reasonably :-) -- asked me to supply some.

	Eve

> 
> --David
> 
> On Mar 21, 2010, at 12:53 PM, John Panzer wrote:
> 
>> +1 to ensuring that dynamic introduction is possible.  I see a lot of
>> discussions that end up saying that this or that can be spec'd in the
>> server docs and the client hard coded to the docs; this is fine for
>> some features but not for very general ones that everybody needs to
>> use.

Eve Maler
eve@xmlgrrl.com
http://www.xmlgrrl.com/blog