On 1/13/10 11:12 PM, Eran Hammer-Lahav wrote: > > On 1/13/10 6:17 PM, "Peter Saint-Andre" <[email protected]> wrote: > >>> These drafts will be locked before the WG meeting to allow review and will >>> be discussed at the meeting. We will also discuss any charter changes >>> required to accommodate the drafts. This approach will allow us to focus on >>> the work and worry about the charter at the meeting. This will ensure we >>> ground the process in actual technical consensus. >> >> That approach sounds quite reasonable. Two comments: >> >> a. In my opinion the scenarios are not limited to what has been >> introduced by the WRAP discussions, and I have been encouraging folks to >> submit I-Ds that document additional scenarios as input to our >> understanding of the problem space (the WRAP authors will submit their >> work soon, as well). > > Exactly. That's why I asked if there are additional ones to add. But I think > it is important the people will read the WRAP scenarios before spending time > in writing new I-Ds to see if their *use-case* is already covered. If it is, > but is not solved to their satisfaction, I think that should be posted as > feedback to the WRAP proposal and not as yet another I-D.
Indeed. My sense from talking with some folks one-on-one is that there are additional scenarios, and I'm encouraging those people to contribute scenarios on the list or via I-D. >> b. Once we have a clear grasp of the problem space, we'll be able to >> make longer-lasting progress on solutions. As you have outlined, at a >> high level the solutions are how to make authenticated requests and how >> to obtain credentials for making such requests, but it seems to me that >> there's still quite a bit of work to be done in figuring out what's >> "core" to those solutions and what needs to go in various extensions. > > This is true for the authorization part, but I don't think it is true for > the authentication part. On the authentication side I think we are very > close to a proposal. I have followed up with a few open questions and will > send more over the next few days. > > I think we can get the authentication part mostly done quickly, and then put > it aside to focus on the authorization, going back to make changes as > limitations or issues are found based on the authorization experience. Iterative development is good. :) That sounds quite reasonable. >> Blaine and I will send out a rough agenda tomorrow for our first >> conference call on the 21st. Sorry we haven't sent it yet -- we're working on it now... > Great. I will not be able to attend but hopefully others will and report > back with new ideas and feedback. Sorry to hear that. Hopefully you'll be able to join future calls. Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
