> -----Original Message----- > From: Dick Hardt [mailto:[email protected]] > Sent: Thursday, September 30, 2010 7:45 AM
> The suggested change does not address the issue that myself and others had > raised with having signatures be in the core. The suggestion was that having > signatures be a different spec made them reusable by other groups and > enabled a more comprehensive signature specification. Having them in core > made them OAuth specific. Of course it does! It addresses it by keeping signature proposals as separate documents. This is exactly what you have been asking for! Now it is up to those working on each signature proposal to decided how generic they want to keep it. > I think there was consensus with those that had seen the advantage of a > different signature spec that including the OAuth 1.0A signature mechanism > in core and having a clear extension mechanism was a satisfactory direction. > This enables alternative algorithms to be specified There was no consensus! Mike Jones and Marius Scurtescu outright objected, Anthony Nadalin was not supportive, you and Lukas Rosenstock raised concerns, John Panzer suggested he might be ok with it, and Mark McGloin said it is worth trying. That's it. On the other hand, the proposal to break the specification has an overwhelming support: 13 people support it unconditionally, 2 raised concerns but are happy to give it a try, and 1 didn't see the point (but did not object). You are the only one with an actual objection (so far), and one which is pretty easy to test, and much faster than anything else suggested. Breaking the specification will take a few days and will let us judge these assertions in practice. I suggest we move forward with this proposal and revisit your objection later when we have actual documents to discuss. If the result will prove to be unreadable, we can always go revisit, and the IETF process will give you plenty of opportunities to voice your concerns. EHL [1] http://hueniverse.com/2010/09/oauth-bearer-tokens-are-a-terrible-idea/ _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
