[OAUTH-WG] Use case document

[Hannes Tschofenig <hannes.tschofenig@gmx.net>]

Hi all, 

I just looked at the use case document and a few questions came to my mind:

* Who is the lead editor? 

* The abstract and the introduction explain the history of why the document exists. You may want to change that to an introduction that describes what use cases are in the document and why you have chosen them instead of thousands of others,  and why the reader should look into them. After some time (and particularly after the publication as an RFC) it does not matter whether the use cases got collected between IETF 77 and IETF 78.  

* The reference to RFC 2119 is not needed and Section 2 is not needed. 

* More important, however, is the question of what use cases should be covered in the document and how you call them. Needless to say that there are many use cases for OAuth. For example, I believe it makes little sense to list use cases according to what data is exchanged (social networking information vs. travel plans vs. payment information). So, what are the distinguishing aspects that make it worthwhile for a use cases to be included? 

I would say that the different protocol profiles somehow have to be covered. This includes the different cases for the various authorization grants. I would also say that different security levels matter.  If you do that then it would also be useful to connect the individual use cases back to the other working group documents via references. 

Other aspects that could matter are different implementation strategies or different user appearance. On the latter the device flow is an example. 

In any case, you have to decide what the criteria are since this determines your target audience. Who do you expect will most likely benefit from reading this document? 

There are various use cases in the document that are not sufficiently different from the rest unless you highlight some aspects that you think are really essential. 

Ciao
Hannes