There is one glitch to be sort out: the mime type for form encoding is not
IANA registered. It should be registered by W3C.
However, I expect it to be sort out pretty quickly.

Hannes, do you have any comment?

Nat

On Thu, Aug 2, 2012 at 10:55 AM, Steven WIllmott <stev...@gmail.com> wrote:

> Hi Nat,
>
> Yes, indeed - just saw that on twitter, after sending the below. That's
> good news - do you know what the expectation is for finalization?
>
>  thanks and all the best,
>  steve.
>
> On Aug 1, 2012, at 11:42 PM, Nat Sakimura wrote:
>
> Hi Steve,
>
> Actually, the OAuth 2.0 Core and Bearer specs were approved by IESG to be
> sent to RFC Editor as of today.
> That means, it is essentially done.
>
> Nat
>
> On Wed, Aug 1, 2012 at 3:02 PM, Steven WIllmott <stev...@gmail.com> wrote:
>
>> Hi Hannes,
>>
>> Thanks for your answer - I can definitely understand the sentiments and
>> of course as you mentioned before there is more than one side of the story
>> and this absolutely isn't one person's decision! Also maybe official
>> statements are not appropriate / possible but I would ask (and I think a
>> lot of people would):
>>
>>  1. Will the IETF group complete the process and still finalize a full
>> specification as forseen? (and in the
>>      timeframe forseen - I think the charter runs to 2013 if I'm not
>> wrong.
>>
>>  2. Will there be any activity which takes on board / responds to some of
>> the points made by Eran? (Note
>>      I'm not saying there is an obligation - just that it feels like some
>> acknowledgement would make sense
>>      and a idea that the comments had been "received and considered" (or
>> not)).
>>
>> You stated that Eran would disagree - which may be true of course, but I
>> don't think this is a reason not to make statements.
>>
>> I guess what I'm trying to say above all is that people will be trying to
>> make decisions about adoption and it would be helpful to have a forward
>> looking statement from the IETF group as to where things are headed. Even
>> if this is not at all in doubt for the group, it might be when seen from
>> the outside.
>>
>> Don't know if that makes some kind of sense.
>>
>>  steve.
>>
>> On Aug 1, 2012, at 2:42 PM, Hannes Tschofenig wrote:
>>
>> > Hi Steven,
>> >
>> > I don't think there will be a formal response and here are the reasons:
>> >
>> > a) the press does not seem to be interested to spend time looking at
>> details since otherwise they would have at least gotten more input prior to
>> post their stories. They did, however, only copy text from Eran's blog post.
>> >
>> > b) Eran is not likely to agree with us regardless of what we write. He
>> did not care about the views of others during the past few years either.
>> >
>> > c) Those who had worked on an implementation and deployed OAuth 2.0 do
>> not need any formal response from us. They have already experienced OAuth
>> 2.0 and they, as many posts confirm, do not find it complicated to
>> implement nor to deploy.
>> >
>> > d) Those who are thinking about using OAuth 2.0 need to think what they
>> are trying to accomplish. Those trying to write their own OAuth 2.0 library
>> will have to read through the specification. There is no way around it.
>> Application developers, who are just using OAuth, will have to think about
>> their use case. For example, if you want to write an application that uses
>> Facebook then you will have to look at their SDK. For all the others who
>> are creating their own application deployment (like a site that offers
>> access to a protected resource) I suggest to re-use one of the existing
>> libraries (instead of implementing OAuth from scratch).
>> > For this group I doubt they are interested in any standardization
>> related discussion.
>> >
>> > I hope that this makes sense to you. If you have any recommendations of
>> what guidance developers would like to see I am sure we can put some
>> information together.
>> >
>> > Ciao
>> > Hannes
>> >
>> > On Jul 29, 2012, at 4:31 PM, Steven WIllmott wrote:
>> >
>> >> Hi Hannes,
>> >>
>> >> Do you think there will some sort of (semi?)formal response from the
>> IETF group? I can understand that they might not want to, but some of the
>> points made seem salient, the problem is/will become what recommendations
>> go out to people what to implement.
>> >>
>> >> We get that question very regularly from users, so we have our
>> thinking caps on at the moment.
>> >>
>> >> steve.
>> >>
>> >> On Jul 29, 2012, at 2:59 PM, Hannes Tschofenig wrote:
>> >>> Thanks for sharing your views, Steve.
>> >>>
>> >>> I agree with your statements below and it would indeed be strange if
>> Eran gets to decide that a technology dies (that is already widely
>> implemented and deployed).
>> >>>
>> >>> I would have liked to get the specification finished earlier myself
>> and, funny enough, Eran is also responsible for the delay (although not the
>> only person).
>> >>>
>> >>>
>> >>> On Jul 29, 2012, at 2:38 PM, Steven WIllmott wrote:
>> >>>
>> >>>>
>> >>>> I certainly don't think it's dead - Eran makes some important points
>> and the current 2.0 spec has certainly dragged a long time to get final.
>> The biggest concern is fragmentation between implementations - the
>> suggestion of using a concrete instantiation (e.g. Facebook) only take you
>> so far.
>> >>>>
>> >>>> The IETF group is still a legitimate body, with a legitimate process
>> - however given the nature of the criticisms and who they come from, I'd
>> hope someone from that group steps forward and outlines a response and --
>> for the legitimate comments perhaps an evolutionary path.
>> >>>>
>> >>>> There are also some other potential efforts to monkey patch oAuth
>> 1.0a - eg. see: http://news.ycombinator.com/item?id=4294959, but who
>> knows where these will go.
>> >>>>
>> >>>> I wouldn't call oAuth dead - it's the best pattern we have for this
>> kind of thing, but there's certainly a danger of fragmentation right now.
>> >>>>
>> >>>> steve.
>> >>>>
>> >>>>
>> >>>> On Jul 29, 2012, at 6:24 AM, André Fiedler wrote:
>> >>>>
>> >>>>> OAuth 2.0 and the Road to Hell:
>> >>>>> http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/
>> >>>>>
>> >>>>>
>> >>>>> 2012/4/15 Hannes Tschofenig <hannes.tschofe...@gmx.net>
>> >>>>> You can subscribe to the IETF OAuth mailing list here:
>> >>>>> http://datatracker.ietf.org/wg/oauth/charter/
>> >>>>>
>> >>>>> (On the left side you can find the links to the subscribe page as
>> well as to the archive. If you look at the archive at
>> http://www.ietf.org/mail-archive/web/oauth/current/maillist.html you
>> will notice that there are "a few mails since May 2009...)
>> >>>>>
>> >>>>> On Mar 21, 2012, at 11:06 AM, André Fiedler wrote:
>> >>>>>
>> >>>>>> Ok, many thanks for your answers. So I will build upon OAuth
>> (OAuth Provider) and hope this is the right step.
>> >>>>>>
>> >>>>>> 2012/3/21 Nat Sakimura <sakim...@gmail.com>
>> >>>>>> So it has moved on to IETF from oauth.org.
>> >>>>>>
>> >>>>>> Google, Facebook among others have been implementing OAuth 2.0
>> various revisions to this date.
>> >>>>>> OAuth 2.0 in IETF is near its completion.
>> >>>>>>
>> >>>>>> Best,
>> >>>>>>
>> >>>>>> Nat
>> >>>>>>
>> >>>>>>
>> >>>>>> On Tue, Mar 20, 2012 at 4:16 AM, SunboX <
>> fiedler.an...@googlemail.com> wrote:
>> >>>>>> Last Blog-Post on oauth.net is from may 2009. All php libraries
>> are
>> >>>>>> sleeping since one year (
>> http://code.google.com/p/oauth-php/source/
>> >>>>>> list).
>> >>>>>> Who did see OAuth 2.0 somewhere?
>> >>>>>>
>> >>>>>> Is OAuth death?
>> >>>>>>
>> >>>>>> --
>> >>>>>> You received this message because you are subscribed to the Google
>> Groups "OAuth" group.
>> >>>>>> To post to this group, send email to oauth@googlegroups.com.
>> >>>>>> To unsubscribe from this group, send email to
>> oauth+unsubscr...@googlegroups.com.
>> >>>>>> For more options, visit this group at
>> http://groups.google.com/group/oauth?hl=en.
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> --
>> >>>>>> Nat Sakimura (=nat)
>> >>>>>> Chairman, OpenID Foundation
>> >>>>>> http://nat.sakimura.org/
>> >>>>>> @_nat_en
>> >>>>>>
>> >>>>>>
>> >>>>>> --
>> >>>>>> You received this message because you are subscribed to the Google
>> Groups "OAuth" group.
>> >>>>>> To post to this group, send email to oauth@googlegroups.com.
>> >>>>>> To unsubscribe from this group, send email to
>> oauth+unsubscr...@googlegroups.com.
>> >>>>>> For more options, visit this group at
>> http://groups.google.com/group/oauth?hl=en.
>> >>>>>>
>> >>>>>>
>> >>>>>> --
>> >>>>>> You received this message because you are subscribed to the Google
>> Groups "OAuth" group.
>> >>>>>> To post to this group, send email to oauth@googlegroups.com.
>> >>>>>> To unsubscribe from this group, send email to
>> oauth+unsubscr...@googlegroups.com.
>> >>>>>> For more options, visit this group at
>> http://groups.google.com/group/oauth?hl=en.
>> >>>>>
>> >>>>> --
>> >>>>> You received this message because you are subscribed to the Google
>> Groups "OAuth" group.
>> >>>>> To post to this group, send email to oauth@googlegroups.com.
>> >>>>> To unsubscribe from this group, send email to
>> oauth+unsubscr...@googlegroups.com.
>> >>>>> For more options, visit this group at
>> http://groups.google.com/group/oauth?hl=en.
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> --
>> >>>>> You received this message because you are subscribed to the Google
>> Groups "OAuth" group.
>> >>>>> To post to this group, send email to oauth@googlegroups.com.
>> >>>>> To unsubscribe from this group, send email to
>> oauth+unsubscr...@googlegroups.com.
>> >>>>> For more options, visit this group at
>> http://groups.google.com/group/oauth?hl=en.
>> >>>>
>> >>>>
>> >>>> --
>> >>>> You received this message because you are subscribed to the Google
>> Groups "OAuth" group.
>> >>>> To post to this group, send email to oauth@googlegroups.com.
>> >>>> To unsubscribe from this group, send email to
>> oauth+unsubscr...@googlegroups.com.
>> >>>> For more options, visit this group at
>> http://groups.google.com/group/oauth?hl=en.
>> >>>
>> >>> --
>> >>> You received this message because you are subscribed to the Google
>> Groups "OAuth" group.
>> >>> To post to this group, send email to oauth@googlegroups.com.
>> >>> To unsubscribe from this group, send email to
>> oauth+unsubscr...@googlegroups.com.
>> >>> For more options, visit this group at
>> http://groups.google.com/group/oauth?hl=en.
>> >>>
>> >>
>> >
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "OAuth" group.
>> To post to this group, send email to oauth@googlegroups.com.
>> To unsubscribe from this group, send email to
>> oauth+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/oauth?hl=en.
>>
>>
>
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "OAuth" group.
> To post to this group, send email to oauth@googlegroups.com.
> To unsubscribe from this group, send email to
> oauth+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/oauth?hl=en.
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "OAuth" group.
> To post to this group, send email to oauth@googlegroups.com.
> To unsubscribe from this group, send email to
> oauth+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/oauth?hl=en.
>



-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en

-- 
You received this message because you are subscribed to the Google Groups 
"OAuth" group.
To post to this group, send email to oauth@googlegroups.com.
To unsubscribe from this group, send email to 
oauth+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/oauth?hl=en.

Reply via email to