I think the goal of the next two months is to produce two semi-stable drafts
covering the two parts of the protocol:

1. Authentication - how to make authenticated requests / signed messages
using token credentials. This will be based on my token auth draft [1] as a
starting point. There are a few open issues to decide based on feedback
received from Panzer and Eaton which I will post about shortly.

2. Authorization - how to obtain a set of token credentials using web
redirection and other flows introduced by WRAP. This will be a new draft
using the web-delegation draft [2] skeleton and the flows in WRAP section 5
[3]. There are many open issues to decide, starting with which flows to
keep, which to move to an extension, and if there are additional ones to
add.

These drafts will be locked before the WG meeting to allow review and will
be discussed at the meeting. We will also discuss any charter changes
required to accommodate the drafts. This approach will allow us to focus on
the work and worry about the charter at the meeting. This will ensure we
ground the process in actual technical consensus.

Comments?

EHL

[1] http://tools.ietf.org/html/draft-hammer-http-token-auth
[2] http://tools.ietf.org/html/draft-ietf-oauth-web-delegation
[3] http://bit.ly/oauth-wrap

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to