-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Eran Hammer-Lahav Sent: Thursday, February 18, 2010 9:14 AM To: OAuth WG ([email protected]) Subject: [OAUTH-WG] WG Survey
A few questions we should answer before moving forward. Considering *your* use cases and reasons for being here: >1. Why are you here? What are you trying to solve that is not already >addressed by existing specifications (OAuth 1.0a, WRAP, etc)? To further a specification to cover use cases that have emerged. WRAP currently covers those use cases and OAuth 1.0a does not. >2. Should the WG start by taking WRAP or OAuth 1.0a as its starting point? >Something else? WRAP >3. If we start from draft-hammer-oauth, what needs to change to turn it into >OAuth 2.0? Remove the request signing mechanisms >4. If we start from draft-hardt-oauth, what needs to change to turn it into >OAuth 2.0? >5. Do you think the approach of working first on 'how to use a token' and then >on 'how to get a token' is right? How to use a token may not be the right thing to concentrate on as I can see different tokens for different uses, so would support an emphasis on 'how to get a token' >6. Should we go back to working on a single specification? If we can get agreement on the use cases and agree on the function/features, makes sense >7. Do you think the protocol should include a signature-based authentication >scheme? Not a required item _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
