On 1/13/10 11:12 PM, Eran Hammer-Lahav wrote:
> 
> On 1/13/10 6:17 PM, "Peter Saint-Andre" <[email protected]> wrote:
> 
>>> These drafts will be locked before the WG meeting to allow review and will
>>> be discussed at the meeting. We will also discuss any charter changes
>>> required to accommodate the drafts. This approach will allow us to focus on
>>> the work and worry about the charter at the meeting. This will ensure we
>>> ground the process in actual technical consensus.
>>
>> That approach sounds quite reasonable. Two comments:
>>
>> a. In my opinion the scenarios are not limited to what has been
>> introduced by the WRAP discussions, and I have been encouraging folks to
>> submit I-Ds that document additional scenarios as input to our
>> understanding of the problem space (the WRAP authors will submit their
>> work soon, as well).
> 
> Exactly. That's why I asked if there are additional ones to add. But I think
> it is important the people will read the WRAP scenarios before spending time
> in writing new I-Ds to see if their *use-case* is already covered. If it is,
> but is not solved to their satisfaction, I think that should be posted as
> feedback to the WRAP proposal and not as yet another I-D.

Indeed. My sense from talking with some folks one-on-one is that there
are additional scenarios, and I'm encouraging those people to contribute
scenarios on the list or via I-D.

>> b. Once we have a clear grasp of the problem space, we'll be able to
>> make longer-lasting progress on solutions. As you have outlined, at a
>> high level the solutions are how to make authenticated requests and how
>> to obtain credentials for making such requests, but it seems to me that
>> there's still quite a bit of work to be done in figuring out what's
>> "core" to those solutions and what needs to go in various extensions.
> 
> This is true for the authorization part, but I don't think it is true for
> the authentication part. On the authentication side I think we are very
> close to a proposal. I have followed up with a few open questions and will
> send more over the next few days.
> 
> I think we can get the authentication part mostly done quickly, and then put
> it aside to focus on the authorization, going back to make changes as
> limitations or issues are found based on the authorization experience.

Iterative development is good. :) That sounds quite reasonable.

>> Blaine and I will send out a rough agenda tomorrow for our first
>> conference call on the 21st.

Sorry we haven't sent it yet -- we're working on it now...

> Great. I will not be able to attend but hopefully others will and report
> back with new ideas and feedback.

Sorry to hear that. Hopefully you'll be able to join future calls.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/



Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to