Re: [OAUTH-WG] Hum about 'Removal: OAuth2 HTTP Authentication Scheme'

Thu, 03 Feb 2011 08:06:21 -0800 

Here's one objection, per my note sent on January 18th:

'OAuth2' HTTP Authentication Scheme:  Simply put, dropping this seems like a 
huge step away from interoperability.  As one data point, Microsoft implements 
this in our WIF OAuth2 protected resource code.  All up, clients need a way to 
authenticate to the protected resource.  Also, existing WRAP implementations 
need this functionality to migrate to OAuth2.   For all these reasons, we 
support retaining this functionality in OAuth2.



                                                            -- Mike



-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of 
Hannes Tschofenig
Sent: Thursday, February 03, 2011 7:31 AM
To: Anthony Nadalin
Cc: [email protected]
Subject: Re: [OAUTH-WG] Hum about 'Removal: OAuth2 HTTP Authentication Scheme'



Hey Tony,



thanks for the feedback. I might have missed the objection. Could you be more 
specific about who did not want this functionality to be removed?



Ciao

Hannes



On 2/3/2011 5:19 PM, Anthony Nadalin wrote:

> There have been several of us that have objected and several of that have 
> implemented this feature, it's late in the cycle to remove, so I raise the 
> objection.

>

> -----Original Message-----

> From: [email protected] [mailto:[email protected]] On Behalf

> Of Hannes Tschofenig

> Sent: Thursday, February 03, 2011 12:11 AM

> To: [email protected]

> Subject: [OAUTH-WG] Hum about 'Removal: OAuth2 HTTP Authentication Scheme'

>

> Hi all,

>

> Eran suggested to remove the 'OAuth2' HTTP Authentication Scheme 
> functionality from the specification in his mail from last month:

> http://www.ietf.org/mail-archive/web/oauth/current/msg05026.html

>

> The discussion got off topic pretty quickly with the discussion about OAuth 
> usage for SASL. I couldn't see a strong objection but rather clarifying 
> discussions.

>

> Please correct me if I misread your feedback on this issue.

>

> So, my current impression is that there is no objection and we confirm the 
> design decision to remove the 'OAuth2' HTTP Authentication Scheme from 
> draft-ietf-oauth-v2.

>

> Deadline for feedback: Feb, 10th 2011

>

> Ciao

> Hannes

> _______________________________________________

> OAuth mailing list

> [email protected]<mailto:[email protected]>

> https://www.ietf.org/mailman/listinfo/oauth

>

>

>

>

>



_______________________________________________

OAuth mailing list

[email protected]<mailto:[email protected]>

https://www.ietf.org/mailman/listinfo/oauth



_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to