Re: [OAUTH-WG] OK to post OAuth Bearer draft 15?
Barry Leiba <barryleiba@computer.org> Sun, 18 December 2011 18:51 UTC
Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A895621F85A8 for <oauth@ietfa.amsl.com>; Sun, 18 Dec 2011 10:51:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.377
X-Spam-Level:
X-Spam-Status: No, score=-100.377 tagged_above=-999 required=5 tests=[BAYES_50=0.001, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hgYoQKr980Vy for <oauth@ietfa.amsl.com>; Sun, 18 Dec 2011 10:51:18 -0800 (PST)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id 1DBA921F852E for <oauth@ietf.org>; Sun, 18 Dec 2011 10:51:18 -0800 (PST)
Received: by yhjj72 with SMTP id j72so4360856yhj.31 for <oauth@ietf.org>; Sun, 18 Dec 2011 10:51:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=WYWkH81zVfQrOyEmJNv7FjOu0IMex7QYvq7NHPxM7vc=; b=pscyDZ0dbJvjA8FTbwiE0pCAOzYEhJKJFY9Hn9/OH7LTywxHInCnaNJKAlK/tTn+UY wd/TmLZHfX/eUe6rBo4pJKGTclyK/K0D0a/kxnvu5Z7C7BENpSmiHroXZAtOrizjQz6N LYZN38tjpICNHpZ/JtgmOASdAd4TJ+exfuNKU=
MIME-Version: 1.0
Received: by 10.236.154.42 with SMTP id g30mr24801494yhk.3.1324234277692; Sun, 18 Dec 2011 10:51:17 -0800 (PST)
Sender: barryleiba.mailing.lists@gmail.com
Received: by 10.146.225.26 with HTTP; Sun, 18 Dec 2011 10:51:17 -0800 (PST)
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739435F7650C6@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739435F7650C6@TK5EX14MBXC283.redmond.corp.microsoft.com>
Date: Sun, 18 Dec 2011 13:51:17 -0500
X-Google-Sender-Auth: ZruXfXkNTM8KL471PR-fdkXwAf4
Message-ID: <CAC4RtVBSYjg7XTDi5Vd39oOWyKiGoS=iGyuEu792B2cRd7Uvwg@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Cc: Mark Nottingham <mnot@mnot.net>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OK to post OAuth Bearer draft 15?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Dec 2011 18:51:18 -0000
> Unless I hear a “no” from Mark, the chairs, or Stephen I’ll plan to publish > -15 over the weekend. (Or if I hear a “yes”, I’ll do so right away. J) In general, I always prefer that people have the latest text to review and comment on, and when there are significant updates to distribute, a new version is a good thing. Versions are cheap, so we should publish them often. So, that's a yes. There's also something else I want to say: I consider Mark's comments to be significant and important, and I don't consider them to have been adequately addressed. He's brought up concerns that the working group had not previously thought about, and which are real problems in how communication with web services works, with respect to bearer tokens. Let me point out that "this represents working-group consensus" is not always a valid response. If the working group has actually considered the *issue*, that might be OK. But if there's consensus for the chosen solution and someone brings up a *new* issue with it, that issue needs to be addressed anew. Suppose the working group looks at a particular question and decides on solution X. Suppose there's not really even any argument, but unanimous agreement that X is the simplest approach, and everyone strongly supports X. So that goes into the document. Then someone reviews it and says, "Solution X has a very nasty failure mode in situation Q, and that makes it extremely problematic for this usage. You really need to do Y or Z in order for it to work safely." Saying that X represents working-group consensus doesn't fly here. It does, but the working group never thought about the situation-Q failure condition, and now has to address things in that light. The answer *after* that might be "Consensus is that Q will never arise in our usage, so X remains viable, and is the best solution for us," and that's OK. But the discussion and the consideration of alternatives that don't have the cited problem needs to happen. As Mark points out, he does not have the standing to block the publication of anything; he has just brought up issues that he sees with the document as it stands. But the chairs, the responsible AD, and, ultimately, the rest of the IESG can block publication if substantive issues have not been addressed, and we think that the unresolved problems could be bad for the Internet. The working group needs to make sure that it's clear how those substantive issues have been addressed, or why they don't matter. Barry, as chair
- [OAUTH-WG] OK to post OAuth Bearer draft 15? Mike Jones
- Re: [OAUTH-WG] OK to post OAuth Bearer draft 15? Mark Nottingham
- Re: [OAUTH-WG] OK to post OAuth Bearer draft 15? Mike Jones
- Re: [OAUTH-WG] OK to post OAuth Bearer draft 15? S Moonesamy
- Re: [OAUTH-WG] OK to post OAuth Bearer draft 15? Barry Leiba
- Re: [OAUTH-WG] OK to post OAuth Bearer draft 15? Mike Jones
- [OAUTH-WG] auth-param syntax, was: OK to post OAu… Julian Reschke
- Re: [OAUTH-WG] OK to post OAuth Bearer draft 15? Mark Nottingham
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… Mike Jones
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… Julian Reschke
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… Mike Jones
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… Julian Reschke
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… Mike Jones
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… Julian Reschke
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… Mike Jones
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… Julian Reschke
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… William Mills
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… William Mills
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… Mike Jones
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… William Mills
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… Mike Jones
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… William Mills
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… Mike Jones
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… William Mills
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… John Bradley
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… Julian Reschke
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… John Bradley
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… Mike Jones
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… Julian Reschke
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… William Mills
- Re: [OAUTH-WG] auth-param syntax, was: OK to post… William Mills