We are going to respond to Eran's blog post. We would like to respond with some real content instead of vague statements.
I would find it useful if anyone of you who likes to agree or disagree to have at least read the OAuth specification. I had noticed that many of those who share their valuable thoughts have not even spent the time to look at the document. Hannes Sent from my Windows Phone -----Original Message----- From: ext SM Sent: 7/29/2012 8:23 AM To: Yaron Sheffer; [email protected] Subject: Re: Oauth blog post Hi Yaron, At 05:52 AM 7/29/2012, Yaron Sheffer wrote: >this blog post ( >http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/) >by the editor of OAuth 2.0 made the rounds of >the geek news outlets: Slashdot, CNet etc. I am >sure many people on this list have seen it. But >I have seen no reactions on this list, nor on >the SAAG list. Is this too unimportant to >discuss? Is there nothing we, as an organization, can learn from it? OAuth2 is more within Apps than SAAG. People discuss about topics they are interested instead of what you or I would consider as important. I don't know whether the IETF learns anything from its failures. It can always redefine failure so that it becomes known as success. :-) It is to Eran's credit that he did not seek all the credit when he could have done so. What I could learn from that is that "doing the right thing" will be forgotten when it is convenient to do so. The WG Chairs did something unusual to try and resolve the situation. That's in the mailing list archive for anyone to read if the person thinks that it is important. I'll highlight the following: "[the] working group at the IETF started with strong web presence. But as the work dragged on (and on) past its first year, those web folks left along with every member of the original 1.0 community. The group that was left was largely all enterprise and me." It's not the first time that this occurs. It is up to the IETF to assess whether it is detrimental to have such an outcome. Regards, -sm
