I was not aware that anyone had to bring WRAP back to the table, as I never realized that you dismissed this as a starting point. So I thought the process was to go through the use cases which will help distill out some of the function/features/requirements and I'm sure that will help us choose a starting point.

-----Original Message-----
From: Eran Hammer-Lahav [mailto:[email protected]]
Sent: Wednesday, February 17, 2010 10:13 PM
To: Anthony Nadalin
Cc: OAuth WG ([email protected])
Subject: RE: [OAUTH-WG] Proposed agenda for third interim meeting

I don't know why you feel like I am dismissing WRAP (or its community). I was the one asking and pushing Dick to submit it to the WG, and have been the first to propose we use it as the foundation of the 'how to get a token' part of the protocol. I have a lot of criticism about how WRAP came to be, but I have only made a single complaint about its technical properties (using bearer tokens over an insecure channel, in which I am far from being alone).

In other words, I think WRAP is a positive contribution and a significant part of what I envision OAuth 2.0 to be.

As for the specification itself, WRAP doesn't include any signature algorithm which means there is nothing there to build on when it comes to the main focus of the 'using a token' part. We had previous WG rough consensus on dropping support for POST parameters and (for now) URI query parameters (which we can revisit). This leaves very little to work with in section 4 of draft-hardt-oauth.

I didn't see anything back from Dick (or anyone else) about my response to his proposal to start off WRAP, so I assumed there was no objection to excluding it from this specific discussion. If you want to bring it back to the table, please do, but explain why you feel that it's a better choice than the other three proposals.

As the specification editor, I have no interest in starting from scratch again. We have three texts offering a good starting point, each with a different set of pluses and minuses. We need to pick one and start picking at it, making iterative changes towards consensus. When we are done, we can always cut and paste it into the WRAP draft to replace section 4 if we feel it is the most effective way forward. But that's for later.

If we can't agree on the process, I don't know how we can agree on the technical details.

EHL

> -----Original Message-----
> From: Anthony Nadalin [mailto:[email protected]]
> Sent: Wednesday, February 17, 2010 7:24 PM
> To: Eran Hammer-Lahav
> Cc: [email protected]
> Subject: Re: [OAUTH-WG] Proposed agenda for third interim meeting
>
> Very odd. The other community is WRAP unless you have already excluded
> that.
>
> On Feb 17, 2010, at 6:51 PM, "Eran Hammer-Lahav" <[email protected]>
> wrote:
>
> > And I am not sure what your comment is about or what communities you
> > are referring to given that of the three options we have, one is
> > half of OAuth 1.0, one I proposed, and one James proposed. The last
> > two have not built a community just yet...
> >
> > Our goal is to come up with a single protocol, and I need to work on
> > a single draft by collecting feedback and incorporating it.
> >
> > EHL
> >
> >> -----Original Message-----
> >> From: Anthony Nadalin [mailto:[email protected]]
> >> Sent: Wednesday, February 17, 2010 12:06 PM
> >> To: Eran Hammer-Lahav; Blaine Cook; [email protected]
> >> Subject: RE: [OAUTH-WG] Proposed agenda for third interim meeting
> >>
> >> Why is this binary choice? Looks like there are communities around
> >> each of these
> >>
> >> -----Original Message-----
> >> From: [email protected] [mailto:[email protected]] On
> >> Behalf Of Eran Hammer-Lahav
> >> Sent: Wednesday, February 17, 2010 7:43 AM
> >> To: Blaine Cook; [email protected]
> >> Subject: Re: [OAUTH-WG] Proposed agenda for third interim meeting
> >>
> >> It would be great to have a discussion about how people would like
> >> to move forward given that we don't yet have consensus on which
> >> drafts to use. We now have 3 alternatives but practically no
> >> discussion. I am ready to put in editorial work but I don't know
> >> how the WG wants to proceed.
> >>
> >> EHL
> >>
> >>> -----Original Message-----
> >>> From: [email protected] [mailto:[email protected]] On
> >>> Behalf Of Blaine Cook
> >>> Sent: Wednesday, February 17, 2010 6:18 AM
> >>> To: [email protected]
> >>> Subject: [OAUTH-WG] Proposed agenda for third interim meeting
> >>>
> >>> Hi all,
> >>>
> >>> Below is a very rough agenda for Thursday's interim meeting. Your
> >>> feedback is very welcome to improve this agenda, either on the
> >>> list or during the meeting ("agenda bashing").
> >>>
> >>> Peter and I have included a request for a scribe; if anyone would
> >>> like to volunteer beforehand, we'd be very grateful as it will
> >>> maximize our time on the call.
> >>>
> >>> The logistics are available here:
> >>> http://www.ietf.org/mail-archive/web/oauth/current/msg01166.html -
> >>> Please note the time, which is earlier than the last call, at
> >>> 18:30 GMT, 10:30 PST, and 13:30 EST.
> >>>
> >>> *****
> >>>
> >>> AGENDA
> >>>
> >>> * Intro
> >>>   * NOTE WELL
> >>>   * request for a scribe
> >>>
> >>> * Agenda bashing
> >>>
> >>> * Chair announcements
> >>>   * impending Area Director change
> >>>   * wiki pages (use cases, terminology)
> >>>   * call for agenda items at Anaheim meeting
> >>>
> >>> * Continuation of "use a token" discussion
> >>>
> >>> * Continuation of use case discussion
> >>>
> >>> * Scheduling of next interim meeting
> >>>
> >>> * Other business?
> >>> _______________________________________________
> >>> OAuth mailing list
> >>> [email protected]
> >>> https://www.ietf.org/mailman/listinfo/oauth
