[OAUTH-WG] Use case document

Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 22 June 2012 07:08 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id B0E1A11E8083 for <oauth@ietfa.amsl.com>; Fri, 22 Jun 2012 00:08:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.504
X-Spam-Status: No, score=-102.504 tagged_above=-999 required=5 tests=[AWL=0.095, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id MnIzLWHXXP4U for <oauth@ietfa.amsl.com>; Fri, 22 Jun 2012 00:07:59 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net []) by ietfa.amsl.com (Postfix) with SMTP id 42F3911E8080 for <oauth@ietf.org>; Fri, 22 Jun 2012 00:07:59 -0700 (PDT)
Received: (qmail invoked by alias); 22 Jun 2012 07:07:57 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO []) [] by mail.gmx.net (mp041) with SMTP; 22 Jun 2012 09:07:57 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX19Vp5ZY0PFVv3iP83bXR1wRgePH5GosfYy5980uSZ 0oUDJBhYa08C/U
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Fri, 22 Jun 2012 10:07:56 +0300
Message-Id: <970540AE-E139-424E-BC90-F04113F7D53A@gmx.net>
To: "oauth@ietf.org WG (oauth@ietf.org)" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] Use case document
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jun 2012 07:08:00 -0000

Hi all, 

I just looked at the use case document and a few questions came to my mind:

* Who is the lead editor? 

* The abstract and the introduction explain the history of why the document exists. You may want to change that to an introduction that describes what use cases are in the document and why you have chosen them instead of thousands of others,  and why the reader should look into them. After some time (and particularly after the publication as an RFC) it does not matter whether the use cases got collected between IETF 77 and IETF 78.  

* The reference to RFC 2119 is not needed and Section 2 is not needed. 

* More important, however, is the question of what use cases should be covered in the document and how you call them. Needless to say that there are many use cases for OAuth. For example, I believe it makes little sense to list use cases according to what data is exchanged (social networking information vs. travel plans vs. payment information). So, what are the distinguishing aspects that make it worthwhile for a use cases to be included? 

I would say that the different protocol profiles somehow have to be covered. This includes the different cases for the various authorization grants. I would also say that different security levels matter.  If you do that then it would also be useful to connect the individual use cases back to the other working group documents via references. 

Other aspects that could matter are different implementation strategies or different user appearance. On the latter the device flow is an example. 

In any case, you have to decide what the criteria are since this determines your target audience. Who do you expect will most likely benefit from reading this document? 

There are various use cases in the document that are not sufficiently different from the rest unless you highlight some aspects that you think are really essential.