First, if you are not yet subscribed to the IETF OAuth list ([email protected]) you should go and subscribe now:
https://www.ietf.org/mailman/listinfo/oauth

This will be *my* last attempt to get people on this list involved in the IETF effort or to update here on what is going on. The IETF working group is where new versions of the protocol are discussed, and if this is something you care about and want to stay connected to, it is where you need to be.

I am well aware that the IETF WG has been mostly inactive since it was created. I am personally done waiting and will begin to push out drafts and changes based on whatever consensus is available, even if it is based on a handful of individuals. As always, showing up is 80% of the work.

The current drafts are:

http://tools.ietf.org/html/draft-ietf-oauth-authentication
http://tools.ietf.org/html/draft-ietf-oauth-web-delegation

I plan to publish new revisions of the above drafts to include:

* Error codes and optional debug information
* Cleanup of the authentication extensibility model
* Change the version / protocol extensibility model

In addition to general feedback about the drafts, I am looking for specific feedback on the following items which I plan to address in the next drafts:

* Drop core support for the RSA-SHA1 method
* Replace HMAC-SHA1 with HMAC-SHA256
* Define the authentication parameters as method-specific (for example, drop nonce and timestamp from PLAINTEXT)
* The proposed Problem Reporting extension [1], its richness and complexity
* Making the HMAC signature method required for all server implementations
* Changing the delegation flow to require HTTP POST instead of recommending it
* Mandating server support for all three parameter transmission methods
* Adding a token revocation endpoint
* Adding the ability for servers to declare their configuration (methods, etc.) in the WWW-Authenticate header response
* The value of the client credentials (Consumer Key) and feedback from actual implementation experience

In order for your feedback to be included or considered for the next revisions it must be received by 10/2 on the [email protected] list. Please do not provide feedback on this list because it will be ignored.

EHL

[1] http://wiki.oauth.net/ProblemReporting
