<hat type='chair'/>

On 1/13/10 5:53 PM, Eran Hammer-Lahav wrote:
> I think the goal of the next two months is to produce two semi-stable drafts
> covering the two parts of the protocol:
> 
> 1. Authentication - how to make authenticated requests / signed messages
> using token credentials. This will be based on my token auth draft [1] as a
> starting point. There are a few open issues to decide based on feedback
> received from Panzer and Eaton which I will post about shortly.
> 
> 2. Authorization - how to obtain a set of token credentials using web
> redirection and other flows introduced by WRAP. This will be a new draft
> using the web-delegation draft [2] skeleton and the flows in WRAP section 5
> [3]. There are many open issues to decide, starting with which flows to
> keep, which to move to an extension, and if there are additional ones to
> add.
> 
> These drafts will be locked before the WG meeting to allow review and will
> be discussed at the meeting. We will also discuss any charter changes
> required to accommodate the drafts. This approach will allow us to focus on
> the work and worry about the charter at the meeting. This will ensure we
> ground the process in actual technical consensus.

That approach sounds quite reasonable. Two comments:

a. In my opinion the scenarios are not limited to what has been
introduced by the WRAP discussions, and I have been encouraging folks to
submit I-Ds that document additional scenarios as input to our
understanding of the problem space (the WRAP authors will submit their
work soon, as well).

b. Once we have a clear grasp of the problem space, we'll be able to
make longer-lasting progress on solutions. As you have outlined, at a
high level the solutions are how to make authenticated requests and how
to obtain credentials for making such requests, but it seems to me that
there's still quite a bit of work to be done in figuring out what's
"core" to those solutions and what needs to go in various extensions.

Blaine and I will send out a rough agenda tomorrow for our first
conference call on the 21st.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/



Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to