Latest is always at: http://github.com/theRazorBlade/draft-ietf-oauth
(xml is always up to date. txt and html when I can. Atom feed available)

---

I finished going over sections 1-5 which includes the overview, flows, refresh method, and using tokens (including signatures). By finished I mean those sections are ready to be submitted as a working group draft -00.

Please review sections 1-5 and submit any changes needed for a -00 draft. This means focus on critical changes that should be made before the document is considered a starting point for the working group. I am going to ask the chairs for a consensus call about promoting this to a working group draft by 4/19 so please submit feedback as soon as possible.

Open issues:

* token size limit
* restriction on values characters
* specificity of the assertion flow
* parameter name prefix
* single authorization endpoint
* inclusion of both user-agent flow and native application flow
* username parameter proposal
* scope parameter
* adding refresh token as optional in all access token requests
* limiting signed requests to use the auth header (no query / form body)

Closed issues:

* requiring HTTPS for bearer token protected resource requests

Once we approve this as -00 I plan to post a weekly draft based on the feedback received and approved by the group. I will no longer make changes to the draft (after -00) without working group consensus.

Please (PLEASE) don't reply to this message with feedback but instead send a separate post for each major issue. Feel free to bunch small comments into one post. This will help facilitate our discussion.

The spec is now 51 pages before adding the security consideration and error codes. It's big. I would appreciate any feedback you can spare so we can decide next week if it is ready for a -00.

Thanks!

EHL
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
