There is one glitch to be sort out: the mime type for form encoding is not IANA registered. It should be registered by W3C. However, I expect it to be sort out pretty quickly.
Hannes, do you have any comment? Nat On Thu, Aug 2, 2012 at 10:55 AM, Steven WIllmott <stev...@gmail.com> wrote: > Hi Nat, > > Yes, indeed - just saw that on twitter, after sending the below. That's > good news - do you know what the expectation is for finalization? > > thanks and all the best, > steve. > > On Aug 1, 2012, at 11:42 PM, Nat Sakimura wrote: > > Hi Steve, > > Actually, the OAuth 2.0 Core and Bearer specs were approved by IESG to be > sent to RFC Editor as of today. > That means, it is essentially done. > > Nat > > On Wed, Aug 1, 2012 at 3:02 PM, Steven WIllmott <stev...@gmail.com> wrote: > >> Hi Hannes, >> >> Thanks for your answer - I can definitely understand the sentiments and >> of course as you mentioned before there is more than one side of the story >> and this absolutely isn't one person's decision! Also maybe official >> statements are not appropriate / possible but I would ask (and I think a >> lot of people would): >> >> 1. Will the IETF group complete the process and still finalize a full >> specification as forseen? (and in the >> timeframe forseen - I think the charter runs to 2013 if I'm not >> wrong. >> >> 2. Will there be any activity which takes on board / responds to some of >> the points made by Eran? (Note >> I'm not saying there is an obligation - just that it feels like some >> acknowledgement would make sense >> and a idea that the comments had been "received and considered" (or >> not)). >> >> You stated that Eran would disagree - which may be true of course, but I >> don't think this is a reason not to make statements. >> >> I guess what I'm trying to say above all is that people will be trying to >> make decisions about adoption and it would be helpful to have a forward >> looking statement from the IETF group as to where things are headed. Even >> if this is not at all in doubt for the group, it might be when seen from >> the outside. >> >> Don't know if that makes some kind of sense. >> >> steve. >> >> On Aug 1, 2012, at 2:42 PM, Hannes Tschofenig wrote: >> >> > Hi Steven, >> > >> > I don't think there will be a formal response and here are the reasons: >> > >> > a) the press does not seem to be interested to spend time looking at >> details since otherwise they would have at least gotten more input prior to >> post their stories. They did, however, only copy text from Eran's blog post. >> > >> > b) Eran is not likely to agree with us regardless of what we write. He >> did not care about the views of others during the past few years either. >> > >> > c) Those who had worked on an implementation and deployed OAuth 2.0 do >> not need any formal response from us. They have already experienced OAuth >> 2.0 and they, as many posts confirm, do not find it complicated to >> implement nor to deploy. >> > >> > d) Those who are thinking about using OAuth 2.0 need to think what they >> are trying to accomplish. Those trying to write their own OAuth 2.0 library >> will have to read through the specification. There is no way around it. >> Application developers, who are just using OAuth, will have to think about >> their use case. For example, if you want to write an application that uses >> Facebook then you will have to look at their SDK. For all the others who >> are creating their own application deployment (like a site that offers >> access to a protected resource) I suggest to re-use one of the existing >> libraries (instead of implementing OAuth from scratch). >> > For this group I doubt they are interested in any standardization >> related discussion. >> > >> > I hope that this makes sense to you. If you have any recommendations of >> what guidance developers would like to see I am sure we can put some >> information together. >> > >> > Ciao >> > Hannes >> > >> > On Jul 29, 2012, at 4:31 PM, Steven WIllmott wrote: >> > >> >> Hi Hannes, >> >> >> >> Do you think there will some sort of (semi?)formal response from the >> IETF group? I can understand that they might not want to, but some of the >> points made seem salient, the problem is/will become what recommendations >> go out to people what to implement. >> >> >> >> We get that question very regularly from users, so we have our >> thinking caps on at the moment. >> >> >> >> steve. >> >> >> >> On Jul 29, 2012, at 2:59 PM, Hannes Tschofenig wrote: >> >>> Thanks for sharing your views, Steve. >> >>> >> >>> I agree with your statements below and it would indeed be strange if >> Eran gets to decide that a technology dies (that is already widely >> implemented and deployed). >> >>> >> >>> I would have liked to get the specification finished earlier myself >> and, funny enough, Eran is also responsible for the delay (although not the >> only person). >> >>> >> >>> >> >>> On Jul 29, 2012, at 2:38 PM, Steven WIllmott wrote: >> >>> >> >>>> >> >>>> I certainly don't think it's dead - Eran makes some important points >> and the current 2.0 spec has certainly dragged a long time to get final. >> The biggest concern is fragmentation between implementations - the >> suggestion of using a concrete instantiation (e.g. Facebook) only take you >> so far. >> >>>> >> >>>> The IETF group is still a legitimate body, with a legitimate process >> - however given the nature of the criticisms and who they come from, I'd >> hope someone from that group steps forward and outlines a response and -- >> for the legitimate comments perhaps an evolutionary path. >> >>>> >> >>>> There are also some other potential efforts to monkey patch oAuth >> 1.0a - eg. see: http://news.ycombinator.com/item?id=4294959, but who >> knows where these will go. >> >>>> >> >>>> I wouldn't call oAuth dead - it's the best pattern we have for this >> kind of thing, but there's certainly a danger of fragmentation right now. >> >>>> >> >>>> steve. >> >>>> >> >>>> >> >>>> On Jul 29, 2012, at 6:24 AM, André Fiedler wrote: >> >>>> >> >>>>> OAuth 2.0 and the Road to Hell: >> >>>>> http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/ >> >>>>> >> >>>>> >> >>>>> 2012/4/15 Hannes Tschofenig <hannes.tschofe...@gmx.net> >> >>>>> You can subscribe to the IETF OAuth mailing list here: >> >>>>> http://datatracker.ietf.org/wg/oauth/charter/ >> >>>>> >> >>>>> (On the left side you can find the links to the subscribe page as >> well as to the archive. If you look at the archive at >> http://www.ietf.org/mail-archive/web/oauth/current/maillist.html you >> will notice that there are "a few mails since May 2009...) >> >>>>> >> >>>>> On Mar 21, 2012, at 11:06 AM, André Fiedler wrote: >> >>>>> >> >>>>>> Ok, many thanks for your answers. So I will build upon OAuth >> (OAuth Provider) and hope this is the right step. >> >>>>>> >> >>>>>> 2012/3/21 Nat Sakimura <sakim...@gmail.com> >> >>>>>> So it has moved on to IETF from oauth.org. >> >>>>>> >> >>>>>> Google, Facebook among others have been implementing OAuth 2.0 >> various revisions to this date. >> >>>>>> OAuth 2.0 in IETF is near its completion. >> >>>>>> >> >>>>>> Best, >> >>>>>> >> >>>>>> Nat >> >>>>>> >> >>>>>> >> >>>>>> On Tue, Mar 20, 2012 at 4:16 AM, SunboX < >> fiedler.an...@googlemail.com> wrote: >> >>>>>> Last Blog-Post on oauth.net is from may 2009. All php libraries >> are >> >>>>>> sleeping since one year ( >> http://code.google.com/p/oauth-php/source/ >> >>>>>> list). >> >>>>>> Who did see OAuth 2.0 somewhere? >> >>>>>> >> >>>>>> Is OAuth death? >> >>>>>> >> >>>>>> -- >> >>>>>> You received this message because you are subscribed to the Google >> Groups "OAuth" group. >> >>>>>> To post to this group, send email to oauth@googlegroups.com. >> >>>>>> To unsubscribe from this group, send email to >> oauth+unsubscr...@googlegroups.com. >> >>>>>> For more options, visit this group at >> http://groups.google.com/group/oauth?hl=en. >> >>>>>> >> >>>>>> >> >>>>>> >> >>>>>> >> >>>>>> -- >> >>>>>> Nat Sakimura (=nat) >> >>>>>> Chairman, OpenID Foundation >> >>>>>> http://nat.sakimura.org/ >> >>>>>> @_nat_en >> >>>>>> >> >>>>>> >> >>>>>> -- >> >>>>>> You received this message because you are subscribed to the Google >> Groups "OAuth" group. >> >>>>>> To post to this group, send email to oauth@googlegroups.com. >> >>>>>> To unsubscribe from this group, send email to >> oauth+unsubscr...@googlegroups.com. >> >>>>>> For more options, visit this group at >> http://groups.google.com/group/oauth?hl=en. >> >>>>>> >> >>>>>> >> >>>>>> -- >> >>>>>> You received this message because you are subscribed to the Google >> Groups "OAuth" group. >> >>>>>> To post to this group, send email to oauth@googlegroups.com. >> >>>>>> To unsubscribe from this group, send email to >> oauth+unsubscr...@googlegroups.com. >> >>>>>> For more options, visit this group at >> http://groups.google.com/group/oauth?hl=en. >> >>>>> >> >>>>> -- >> >>>>> You received this message because you are subscribed to the Google >> Groups "OAuth" group. >> >>>>> To post to this group, send email to oauth@googlegroups.com. >> >>>>> To unsubscribe from this group, send email to >> oauth+unsubscr...@googlegroups.com. >> >>>>> For more options, visit this group at >> http://groups.google.com/group/oauth?hl=en. >> >>>>> >> >>>>> >> >>>>> >> >>>>> -- >> >>>>> You received this message because you are subscribed to the Google >> Groups "OAuth" group. >> >>>>> To post to this group, send email to oauth@googlegroups.com. >> >>>>> To unsubscribe from this group, send email to >> oauth+unsubscr...@googlegroups.com. >> >>>>> For more options, visit this group at >> http://groups.google.com/group/oauth?hl=en. >> >>>> >> >>>> >> >>>> -- >> >>>> You received this message because you are subscribed to the Google >> Groups "OAuth" group. >> >>>> To post to this group, send email to oauth@googlegroups.com. >> >>>> To unsubscribe from this group, send email to >> oauth+unsubscr...@googlegroups.com. >> >>>> For more options, visit this group at >> http://groups.google.com/group/oauth?hl=en. >> >>> >> >>> -- >> >>> You received this message because you are subscribed to the Google >> Groups "OAuth" group. >> >>> To post to this group, send email to oauth@googlegroups.com. >> >>> To unsubscribe from this group, send email to >> oauth+unsubscr...@googlegroups.com. >> >>> For more options, visit this group at >> http://groups.google.com/group/oauth?hl=en. >> >>> >> >> >> > >> >> -- >> You received this message because you are subscribed to the Google Groups >> "OAuth" group. >> To post to this group, send email to oauth@googlegroups.com. >> To unsubscribe from this group, send email to >> oauth+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/oauth?hl=en. >> >> > > > -- > Nat Sakimura (=nat) > Chairman, OpenID Foundation > http://nat.sakimura.org/ > @_nat_en > > > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to oauth@googlegroups.com. > To unsubscribe from this group, send email to > oauth+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > > > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to oauth@googlegroups.com. > To unsubscribe from this group, send email to > oauth+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.