Yes, those two drafts make sense. From other threads it sounds like we're making progress on the Authentication draft which will both support signatures (ala OAuth 1.x) and plaintext plus SSL/TLS (ala WRAP). I'll try to start working toward consensus on the core flows we'd like to support in the Authorization draft next week.
--David On Wed, Jan 13, 2010 at 4:53 PM, Eran Hammer-Lahav <[email protected]> wrote: > I think the goal of the next two months is to produce two semi-stable drafts > covering the two parts of the protocol: > > 1. Authentication - how to make authenticated requests / signed messages > using token credentials. This will be based on my token auth draft [1] as a > starting point. There are a few open issues to decide based on feedback > received from Panzer and Eaton which I will post about shortly. > > 2. Authorization - how to obtain a set of token credentials using web > redirection and other flows introduced by WRAP. This will be a new draft > using the web-delegation draft [2] skeleton and the flows in WRAP section 5 > [3]. There are many open issues to decide, starting with which flows to > keep, which to move to an extension, and if there are additional ones to > add. > > These drafts will be locked before the WG meeting to allow review and will > be discussed at the meeting. We will also discuss any charter changes > required to accommodate the drafts. This approach will allow us to focus on > the work and worry about the charter at the meeting. This will ensure we > ground the process in actual technical consensus. > > Comments? > > EHL > > [1] http://tools.ietf.org/html/draft-hammer-http-token-auth > [2] http://tools.ietf.org/html/draft-ietf-oauth-web-delegation > [3] http://bit.ly/oauth-wrap > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
