On 4/7/10 5:23 PM, "Dick Hardt" <[email protected]> wrote:

> 
> 
> On 2010-04-07, at 4:26 PM, Eran Hammer-Lahav wrote:
> 
>> * token size limit
>> * restriction on values characters
>> * specificity of the assertion flow
>> * parameter name prefix
>> * single authorization endpoint
>> * inclusion of both user-agent flow and native application flow
>> * requiring HTTPS for bearer token protected resource requests
>> * username parameter proposal
>> * scope parameter
>> * adding refresh token as optional in all access token requests
>> * limiting signed requests to use the auth header (no query / form body)
> 
> Are these issues where you expect to have a consensus vote and you are only
> looking for other issues, or are you looking for feedback on these as separate
> emails as well?

I just listed all the issues people reported which were not (yet) addressed
in the draft. I didn't want to give the impression that by not addressing
them, some decision has been made. I expect us to continue to debate them
and hope that consensus will emerge or that the chairs will start working
more actively to resolve them.

So yes, please do provide feedback on these or any other issues you have.

As for reaching consensus, I will leave it up to the chairs to decide their
favorite method, but what worked well for us in the past is to make a
statement that reflects what the majority seems to want with the reasons for
and against and then ask if someone has *strong* objections.

And this is not limited to the chairs. If you feel a position you agree with
has consensus, please do sum it up and ask if people are ok moving forward
with that view. The key is that you need to have *strong* objections, not
just keep pointing out that something can be slightly better.

EHL

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
