Re: [Txauth] Revisiting the photo sharing example (a driving use case for the creation of OAuth)

[Benjamin Kaduk <kaduk@mit.edu>]

Hi Denis,

On Tue, Aug 04, 2020 at 11:31:34AM +0200, Denis wrote:
> Hi Justin,
> 
> Since you replied in parallel, I will make a response similar to the one 
> I sent to Dick.
> 
> > Hi Denis,
> >
> > I think there’s still a problem with the terminology in use here. What 
> > you describe as RS2, which might in fact be an RS unto itself, is a 
> > “Client” in OAuth parlance because it is /a client of RS1/. What you 
> > call a “client” has no analogue in the OAuth world, but it is not at 
> > all the same as an OAuth client. I appreciate your mapping of the 
> > entities below, but it makes it difficult to hold a discussion if we 
> > aren’t using the same terms.
> >
> > The good news is that this isn’t OAuth, and as a new WG we can define 
> > our own terms. The bad news is that this is really hard to do.
> >
> > In GNAP, we shouldn’t just re-use existing terms with new definitions, 
> > but we’ve got a chance to be more precise with how we define things.
> 
> In the ISO context, each document must define its own terminology. The 
> boiler plate for RFCs does not mandate a terminology or definitions section
> but does not prevent it either. The vocabulary is limited and as long as 
> we clearly define what our terms are meaning, we can re-use a term already
> used in another RFC. This is also the ISO approach.

Just because we can do something does not necessarily mean that it is a
good idea to do so.  We are clear that we are producing a protocol that is
conceptually (if not more strongly) related to OAuth 2.0, and reusing terms
from OAuth 2.0 but with different definitions may lead to unnecessary
confusion.  If I understand correctly, a similar reasoning prompted Dick to
use the term "GS" in XAuth, picking a name that was not already used in
OAuth 2.0.

-Ben