Hi all,
Eran suggested to remove the HTTP Basic Authentication functionality
from the specification in his mail from last month:
http://www.ietf.org/mail-archive/web/oauth/current/msg05028.html
Essentially, there are two ways to accomplish the same functionality,
namely (1) Request parameters and (2) HTTP Basic authentication.
Eran's initial discussion trigger very quickly evolved a discussion
about the removal of 'credential body parameters':
http://www.ietf.org/mail-archive/web/oauth/current/msg05035.html
This was, however, not supported by Justin, Eran, and Marius.
The main question for me is: "What is mandatory to implement?"
Regarding this question I went through the discussions on the mailing
list and I got the following impression:
"+" means in favor of removing HTTP Basic Authentication and
"-" means against it.
"~" indicates that the person is OK with removing it under certain
conditions.
+Eran
+Justin
~Tony (OK with having it optional but does not want to remove it from
draft-ietf-oauth-v2)
~Igor (OK with having it optional but does not want to remove it from
draft-ietf-oauth-v2)
+Marius
Please correct me if I have forgotten someone.
My reading of the feedback from the response on the list is that we have
a decision to make HTTP Basic authentication optional to implement (and
therefore the request parameters mandatory to implement).
A secondary question is: "Should the **optional** HTTP Basic
Authentication functionality be included in the draft-ietf-oauth-v2
specification?"
Here are my two questions:
1) Do you insist on having the HTTP Basic authentication documented in
draft-ietf-oauth-v2?
PLEASE NOTE: Having functionality in a separate document does not mean
that it will take longer to complete nor that it is less important. It
is purely a document management question!
2) If your answer to question (1) is "NO" then:
Would you be willing to co-author a document on this functionality?
Since the response so far does not give me a rough consensus I would
like to get your feedback.
Deadline for response: Feb, 10th 2011
Ciao
Hannes
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
