I would suggest that people don't spend time on editorial and formatting of their proposed text. Just post either documents or snippets and I will incorporate them into the spec as soon as possible. I have the next 4 weeks set aside for making significant progress on this document.
EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Brian Eaton > Sent: Wednesday, March 24, 2010 10:25 AM > To: Dick Hardt > Cc: OAuth WG > Subject: Re: [OAUTH-WG] new sponsorship, time available for WG > > On Tue, Mar 23, 2010 at 10:18 PM, Dick Hardt <[email protected]> wrote: > > Microsoft recently offered to sponsor me to work on OAuth. For the > > past few months I have participated in the WG on my own time, but I am > > now able to devote a significant amount of time to this WG. > > Sweet. > > > At the IETF post meeting this week, there was discussion of working > > on both draft-hardt-oauth and draft-recordon-oauth2. David's draft > > has garnered much discussion, much of it comments on what was dropped > > from WRAP. Similarly, if draft-hardt-oauth was revised to include > > signatures, it likely would also generate discussion. Seems like a > > waste for the WG to be providing comments on two documents. > > So there is a bunch of good stuff in both documents. > > What I like from David's draft: > - device profile > - adding oauth_mode > - single refresh token workflow (though as David points out in another > thread, this needs tweaking.) > > What I like from WRAP: > - a whole bunch of profiles and use cases that got dropped from David's > draft. > > I don't think the OAuth 1.0 signature scheme is a good choice for OAuth 2, > but we talked in person at IETF about some alternatives. > Dick and I both have opinions on what we think it should look like, I'm hoping > Dick will write it up soon. > > I'm going to write up some security considerations (I think Richard Barnes is > interested, too), based mostly on the WRAP draft, plus some of the profiles > from the OAuth2 draft. > > So short-term we are probably going to end up with more documents rather > than fewer. I think the discussion is going really well and I'm happy to have > so many people participating. > > Cheers, > Brian > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
