Hi Eran, There are a couple of problems with this survey. See below >-----Original Message----- >From: [email protected] [mailto:[email protected]] >On Behalf Of ext Eran Hammer-Lahav >Sent: 18 February, 2010 19:14 >To: OAuth WG ([email protected]) >Subject: [OAUTH-WG] WG Survey > >A few questions we should answer before moving forward. >Considering *your* use cases and reasons for being here: > >1. Why are you here? What are you trying to solve that is not >already addressed by existing specifications (OAuth 1.0a, WRAP, etc)?
During the conference call we figured out that there is no way one would easily agree to a single scenario or deployment variant. This is where some the disagreements come from. Some folks have the super-secure governmental application in mind, others want to support the enterprise environment which are able to spend a lot of money on security, and then there are others that focus on the web developer that does not have even money for the certs. How do you want to provide a solution that fits everyone? Not really possible IMHO (unless you introduce the notion of "profiles"). > >2. Should the WG start by taking WRAP or OAuth 1.0a as its >starting point? Something else? Largely irrelevant as the content will change anyway > >3. If we start from draft-hammer-oauth, what needs to change >to turn it into OAuth 2.0? Depends on the scenarios you want to cover under item (1). > >4. If we start from draft-hardt-oauth, what needs to change to >turn it into OAuth 2.0? Depends on the scenarios you want to cover under item (1). > >5. Do you think the approach of working first on 'how to use a >token' and then on 'how to get a token' is right? Nope. First, you have to figure out what you want the specification to accomplish. > >6. Should we go back to working on a single specification? Does not matter. This is purely a document management / authorship question that would come last. > >7. Do you think the protocol should include a signature-based >authentication scheme? That depends on the scenarios you want to cover. Ciao Hannes > >EHL >_______________________________________________ >OAuth mailing list >[email protected] >https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
