Hi Mike,

Inline

On 2017-09-29 19:25, "Ace on behalf of Michael StJohns" <[email protected] on behalf of [email protected]> wrote:

>On 9/28/2017 1:42 PM, Kathleen Moriarty wrote:
>> Hi Mike,
>>
>> I had specifically reached out to the chairs asking for a virtual
>>interim on the profiles and was surprised by that not being listed.
>>This was a result of agreement at the face to face. It's not that one
>>is being held hostage, Kepeng has already offered to run 2 separate
>>sessions within the same week. Maybe you missed a message?
>>
>> Best,
>> Kathleen
>
>Hi Kathleen -
>
>No - I hadn't missed the message. In fact it's part of the chain
>below. I think that doing two sessions is a reasonable resolution.
>
>Hannes had already suggested two sessions when Goran made his comment.
>I was responding to Goran's. While I appreciate Goran's frustration
>with the slow pace of things in ACE, I also appreciate that we can only
>do what people are willing to spend time doing

Does that include what chairs are willing to spend time doing?

> and I was also giving
>voice to my perception that there really isn't a good common
>understanding of what's acceptable as an ACE work item.
>
>The original ACE charter was somewhat compact and I would have been
>happy had the group completed the last two items on the currently
>approved charter and closed up shop. Instead the group as a whole
>decided to adopt a bunch more items without amending the charter setting
>somewhat of a precedent. Now we've started down the path of profiles
>which are also non-charter items.
> I'm confused as to why these are any
>different with respect to working group consideration than an item on
>certificate enrollment? (I'm not sure I would buy the argument that the
>profiles are "mechanisms suitable for resource access in constrained
>environments" and that "certificate enrollment" is not)

The ACE framework (draft-ietf-ace-oauth-authz) does not specify a complete solution, only the part how OAuth 2.0 is adapted to IoT. The ACE profiles are providing the missing part, namely how client and resource server communicate and process the messages, but these depend on the technology supported by the devices, and in case of IoT we have to accept that different deployment settings may require different protocols being used. This is the reason for the profiles.

In other words we are simply not done with what this WG is chartered for. The “Authentication and Authorization Solution” is not identical with the ACE framework. The discussion now is not if profiles should be adopted, but which profiles and in which order.

Göran
