Hello folks,

>A few questions we should answer before moving forward. Considering *your*
>use cases and reasons for being here:
>
>1. Why are you here? What are you trying to solve that is not already
>addressed by existing specifications (OAuth 1.0a, WRAP, etc)?

I am here because I support open standards and would like to see some improvements/additions to the protocol. Recursive delegation is the main pain point that I want to address (see the ID of redelegation). This is important for mash-ups or for content managers that use different services to have good interoperability with the different providers. WRAP could help here for TLS-enabled environments, but there are use cases where you don't have such an environment.

>2. Should the WG start by taking WRAP or OAuth 1.0a as its starting point?
>Something else?

Or we start a new document, combining the different IDs, or we should start from our previous "consensus" around OAuth 1.0a.

>3. If we start from draft-hammer-oauth, what needs to change to turn it
>into OAuth 2.0?

The idea of Resource Owner Authorization should be adapted to provide a clean way to do the recursive delegation flow. Replacing the "PLAINTEXT"-method with WRAP.

>4. If we start from draft-hardt-oauth, what needs to change to turn it into
>OAuth 2.0?

I see WRAP as a nice replacement for the "PLAINTEXT"-method, so the other cases should be added.

>5. Do you think the approach of working first on 'how to use a token' and
>then on 'how to get a token' is right?

There should be a simple spec having the whole flow, instead of having to read different documents to get a feeling for what is written. Maybe the split could be used, if there is a third document that glues them together with a clear vision/use case.

>6. Should we go back to working on a single specification?

See previous answer.

>7. Do you think the protocol should include a signature-based
>authentication scheme?

Yes.

Best regards,
Bart Vrancken
