IETF Logo Mail Archive

Re: [Txauth] WG name: TxAuth? XAuth? Something else?

Justin Richer <jricher@mit.edu> Tue, 17 March 2020 21:13 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFC043A0762 for <txauth@ietfa.amsl.com>; Tue, 17 Mar 2020 14:13:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tv0VQYKUDWPB for <txauth@ietfa.amsl.com>; Tue, 17 Mar 2020 14:13:26 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 772283A0747 for <txauth@ietf.org>; Tue, 17 Mar 2020 14:13:26 -0700 (PDT)
Received: from [192.168.1.5] (static-71-174-62-56.bstnma.fios.verizon.net [71.174.62.56]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 02HLDOmY028938 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 17 Mar 2020 17:13:24 -0400
From: Justin Richer <jricher@mit.edu>
Message-Id: <1E9C78E5-6D06-4973-B69B-3E7DF46E5B9E@mit.edu>
Content-Type: multipart/alternative; boundary="Apple-Mail=_5F9BA250-1137-4F64-8901-778A4B522495"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Tue, 17 Mar 2020 17:13:23 -0400
In-Reply-To: <CH2PR00MB0678313B29175587B7CD3E1AF5F60@CH2PR00MB0678.namprd00.prod.outlook.com>
Cc: Dick Hardt <dick.hardt@gmail.com>, Yaron Sheffer <yaronf.ietf@gmail.com>, "txauth@ietf.org" <txauth@ietf.org>
To: Mike Jones <Michael.Jones@microsoft.com>
References: <CH2PR00MB0678313B29175587B7CD3E1AF5F60@CH2PR00MB0678.namprd00.prod.outlook.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/SstznO9pBCheVX_AQHLkmKK0QGE>
Subject: Re: [Txauth] WG name: TxAuth? XAuth? Something else?
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Mar 2020 21:13:29 -0000

Mike,

Yes, I agree, and we decided some time back on this list to not push calling it OAuth 3. That is not what I’m saying to do and not what we are discussing. I still think that this is a potential outcome through coordination with the OAuth working group some day in the future, but that’s not for us to decide now and it’s not for us to decide alone. 

This is exactly why I’m arguing that we should use the branding of “TxAuth” for this work right now. 

The AD’s and I went back and forth with a bunch of different names for this list, and I still think we came up with a decent one here, and we should stick with that. I had originally proposed that we call the list itself “xyz”, but realized after some discussion that it would have been pretentious and presumptuous to try to name a potentially future working group after my own existing solution. 

So again I say we just call it TxAuth and not get distracted by the naming discussion. If you search for “txauth” on the web, nearly everything you find points back to this group and this work. We’ve already got a solid brand under this term, it fits pretty well, and we should run with it for now.

 — Justin

> On Mar 17, 2020, at 12:24 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> 
> If this work were happening in the OAuth working group, calling it OAuth 3 would be a decision that could be taken by the working group.  But unless it moves to the OAuth working group, I believe that it would be unreasonable to usurp branding belonging to a different working group.  TxAuth should have its own distinct brand chosen by its to-be-formed working group.
>  
>                                                        -- Mike
>  
> From: Txauth <txauth-bounces@ietf.org <mailto:txauth-bounces@ietf.org>> On Behalf Of Justin Richer
> Sent: Tuesday, March 17, 2020 6:11 AM
> To: Dick Hardt <dick.hardt@gmail.com <mailto:dick.hardt@gmail.com>>
> Cc: Yaron Sheffer <yaronf.ietf@gmail.com <mailto:yaronf.ietf@gmail.com>>; txauth@ietf.org <mailto:txauth@ietf.org>
> Subject: Re: [Txauth] WG name: TxAuth? XAuth? Something else?
>  
> And another thought — there’s a pretty decent chance that we’ll end up branding this whole effort OAuth 3 in the future. 
>  
> The list is named ‘txauth’. Therefore, calling what we’re working on anything different from that seems silly and premature.
>  
> I say we just stick with TxAuth to match the list and avoid the whole naming discussion entirely.
>  
>  — Justin
> 
> 
> On Mar 16, 2020, at 9:56 PM, Justin Richer <jricher@mit.edu <mailto:jricher@mit.edu>> wrote:
>  
> Yes, naming things is hard — but I still believe in the name TxAuth. We’re moving beyond OAuth, and taking the process of getting an authorization delegated to the client software as a multi-step, multi-party transaction is, I believe, the key insight that’s letting us move beyond OAuth’s limitations here. It’s not just about going to the AS first — we had that in OAuth 1 and we’re patching that into OAuth 2 with PAR. I really think it’s about the transaction at the core. 
>  
> Having come of age in the 1990’s, I have particular dislike for XAuth. It sounds too “X-TREME” and “X-CITING”, and if you read either of those with a growling yell in your head then you know exactly what I’m talking about. And to Dick’s rationale for the name below, I absolutely do NOT see this work as “OAuth with all the extra features”. I think that does a disservice to the kind of change we have an opportunity to make here. 
>  
>  — Justin
> 
> 
> On Mar 16, 2020, at 7:04 PM, Dick Hardt <dick.hardt@gmail.com <mailto:dick.hardt@gmail.com>> wrote:
>  
> Hello everyone
>  
> I prompted a thread around the name of the protocol a while back:
>  
> https://mailarchive.ietf.org/arch/msg/txauth/ZVQVbHt4ADqehKrBDXOrTr_s_wc/ <https://mailarchive.ietf.org/arch/msg/txauth/ZVQVbHt4ADqehKrBDXOrTr_s_wc/>
>  
> As Justin stated "naming is hard"
>  
> Wearing my marketing hat I want to ensure that the name will be perceived properly in the broader community.
>  
> A recent example that comes to mind are the privacy related works on the browser storage API. Given that name, one would think that it is local storage. It is actually about browser cookies.
>  
> Justin discussed his reasons for TxAuth in the thread above (and I'm sure in other places)
>  
> I chose XAuth in my draft to reflect the eXtensibility goal that we have over OAuth -- and XAuth is OAuth but with an X to reflect all the extra features. =)
>  
> Other suggestions?
>  
> This will be an agenda item in the BoF -- but the name will NOT be an open discussion item -- we will summarize what has been discussed on the list and perhaps do a poll of options presented unless consensus is obvious from this thread.
>  
> /Dick
>  
>  
>  
>  
>  
> ᐧ
>  
> -- 
> Txauth mailing list
> Txauth@ietf.org <mailto:Txauth@ietf.org>
> https://www.ietf.org/mailman/listinfo/txauth <https://www.ietf.org/mailman/listinfo/txauth>

v2.23.0 | Report a Bug | By Email