Ludwig Seitz <> wrote:
    > I agree that onboarding is a valid concern (which is why I wrote
    > appendix B), 
    > but lets not delay draft-ietf-ace-oauth-authz any further by adding a 
    > new set of functionality in it.

Back at the beginning of ACE it was clear that onboarding was an entire
project of itself.  That's why I argued to keep it out of the first charter.

Onboarding suffers from a tendancy to boil the ocean, combined with the
elephant/blind-men problem.    The way to tackle onboarding is not with
a single unifying ocean boiling protocol, but rather by letting each
interested party define small protocols, and over time find commonality.
I get the vision of:

So while it is unfortunate if some implementers feel to be "in the dark",
before we could rectify that situation, we'd have to know which implementers
we are worried about.

Michael Richardson <>, Sandelman Software Works
 -= IPv6 IoT consulting =-

Attachment: signature.asc
Description: PGP signature

Ace mailing list

Reply via email to