Yes, those two drafts make sense.  From other threads it sounds like
we're making progress on the Authentication draft which will both
support signatures (ala OAuth 1.x) and plaintext plus SSL/TLS (ala
WRAP).  I'll try to start working toward consensus on the core flows
we'd like to support in the Authorization draft next week.

--David

On Wed, Jan 13, 2010 at 4:53 PM, Eran Hammer-Lahav <[email protected]> wrote:
> I think the goal of the next two months is to produce two semi-stable drafts
> covering the two parts of the protocol:
>
> 1. Authentication - how to make authenticated requests / signed messages
> using token credentials. This will be based on my token auth draft [1] as a
> starting point. There are a few open issues to decide based on feedback
> received from Panzer and Eaton which I will post about shortly.
>
> 2. Authorization - how to obtain a set of token credentials using web
> redirection and other flows introduced by WRAP. This will be a new draft
> using the web-delegation draft [2] skeleton and the flows in WRAP section 5
> [3]. There are many open issues to decide, starting with which flows to
> keep, which to move to an extension, and if there are additional ones to
> add.
>
> These drafts will be locked before the WG meeting to allow review and will
> be discussed at the meeting. We will also discuss any charter changes
> required to accommodate the drafts. This approach will allow us to focus on
> the work and worry about the charter at the meeting. This will ensure we
> ground the process in actual technical consensus.
>
> Comments?
>
> EHL
>
> [1] http://tools.ietf.org/html/draft-hammer-http-token-auth
> [2] http://tools.ietf.org/html/draft-ietf-oauth-web-delegation
> [3] http://bit.ly/oauth-wrap
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to