On 1/13/10 6:17 PM, "Peter Saint-Andre" <[email protected]> wrote:
>> These drafts will be locked before the WG meeting to allow review and will >> be discussed at the meeting. We will also discuss any charter changes >> required to accommodate the drafts. This approach will allow us to focus on >> the work and worry about the charter at the meeting. This will ensure we >> ground the process in actual technical consensus. > > That approach sounds quite reasonable. Two comments: > > a. In my opinion the scenarios are not limited to what has been > introduced by the WRAP discussions, and I have been encouraging folks to > submit I-Ds that document additional scenarios as input to our > understanding of the problem space (the WRAP authors will submit their > work soon, as well). Exactly. That's why I asked if there are additional ones to add. But I think it is important the people will read the WRAP scenarios before spending time in writing new I-Ds to see if their *use-case* is already covered. If it is, but is not solved to their satisfaction, I think that should be posted as feedback to the WRAP proposal and not as yet another I-D. > b. Once we have a clear grasp of the problem space, we'll be able to > make longer-lasting progress on solutions. As you have outlined, at a > high level the solutions are how to make authenticated requests and how > to obtain credentials for making such requests, but it seems to me that > there's still quite a bit of work to be done in figuring out what's > "core" to those solutions and what needs to go in various extensions. This is true for the authorization part, but I don't think it is true for the authentication part. On the authentication side I think we are very close to a proposal. I have followed up with a few open questions and will send more over the next few days. I think we can get the authentication part mostly done quickly, and then put it aside to focus on the authorization, going back to make changes as limitations or issues are found based on the authorization experience. > Blaine and I will send out a rough agenda tomorrow for our first > conference call on the 21st. Great. I will not be able to attend but hopefully others will and report back with new ideas and feedback. EHL _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
