I think the goal of the next two months is to produce two semi-stable drafts covering the two parts of the protocol:
1. Authentication - how to make authenticated requests / signed messages using token credentials. This will be based on my token auth draft [1] as a starting point. There are a few open issues to decide based on feedback received from Panzer and Eaton which I will post about shortly. 2. Authorization - how to obtain a set of token credentials using web redirection and other flows introduced by WRAP. This will be a new draft using the web-delegation draft [2] skeleton and the flows in WRAP section 5 [3]. There are many open issues to decide, starting with which flows to keep, which to move to an extension, and if there are additional ones to add. These drafts will be locked before the WG meeting to allow review and will be discussed at the meeting. We will also discuss any charter changes required to accommodate the drafts. This approach will allow us to focus on the work and worry about the charter at the meeting. This will ensure we ground the process in actual technical consensus. Comments? EHL [1] http://tools.ietf.org/html/draft-hammer-http-token-auth [2] http://tools.ietf.org/html/draft-ietf-oauth-web-delegation [3] http://bit.ly/oauth-wrap _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
