<hat type='chair'/> On 1/13/10 5:53 PM, Eran Hammer-Lahav wrote: > I think the goal of the next two months is to produce two semi-stable drafts > covering the two parts of the protocol: > > 1. Authentication - how to make authenticated requests / signed messages > using token credentials. This will be based on my token auth draft [1] as a > starting point. There are a few open issues to decide based on feedback > received from Panzer and Eaton which I will post about shortly. > > 2. Authorization - how to obtain a set of token credentials using web > redirection and other flows introduced by WRAP. This will be a new draft > using the web-delegation draft [2] skeleton and the flows in WRAP section 5 > [3]. There are many open issues to decide, starting with which flows to > keep, which to move to an extension, and if there are additional ones to > add. > > These drafts will be locked before the WG meeting to allow review and will > be discussed at the meeting. We will also discuss any charter changes > required to accommodate the drafts. This approach will allow us to focus on > the work and worry about the charter at the meeting. This will ensure we > ground the process in actual technical consensus.
That approach sounds quite reasonable. Two comments: a. In my opinion the scenarios are not limited to what has been introduced by the WRAP discussions, and I have been encouraging folks to submit I-Ds that document additional scenarios as input to our understanding of the problem space (the WRAP authors will submit their work soon, as well). b. Once we have a clear grasp of the problem space, we'll be able to make longer-lasting progress on solutions. As you have outlined, at a high level the solutions are how to make authenticated requests and how to obtain credentials for making such requests, but it seems to me that there's still quite a bit of work to be done in figuring out what's "core" to those solutions and what needs to go in various extensions. Blaine and I will send out a rough agenda tomorrow for our first conference call on the 21st. Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
