On the call today I clarified what is going on with all the different drafts. In brief:
draft-hammer-oauth - documentation of the OAuth 1.0 Rev A (with changes) protocol. This is done and should be approved by the IESG shortly for publication. draft-ietf-oauth-authentication - the part of OAuth 1.0 dealing with 'how to use a token after you obtain it'. draft-ietf-oauth-web-delegation - the part of OAuth 1.0 rev A dealing with 'getting a token'. draft-hammer-http-token-auth - an alternative proposal (meant to replace draft-ietf-oauth-authentication) which builds on top of OAuth 1.0 but cleans up the structure and removes the client credentials when accessing protected resources. It also changes how the request is normalized into a string before signing. We have three options for moving forward with 'how to use a token'. Start with: 1. draft-ietf-oauth-authentication 2. draft-hammer-http-token-auth 3. something else* * Do not suggest something else unless you are going to submit a proposal. It doesn't have to be an I-D, I am happy to do the editorial work but I will need a detailed proposal that is enough to turn into a specification. Pick. EHL _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
