On Thu, Feb 3, 2011 at 12:14 AM, Hannes Tschofenig <[email protected]> wrote:
> Hi all,
>
> Eran suggested to remove the Client Assertion functionality from the
> draft-ietf-oauth-v2 specification in his mail from last month:
> http://www.ietf.org/mail-archive/web/oauth/current/msg05027.html
>
> This led to a heated discussion.
>
> Going through the discussions I got the following impression:
> "+" means in favor of removing the Client Assertion credential functionality
> from the draft-ietf-oauth-v2 specification and
> "-" means against it.
> "*" indicates some constraints.
> +Eran
> *Phil (was talking about a stronger version of the client assertion
> credentials)
> +David
> *Francisco (also has a stronger version in mind)
> -Mike
> *Marius (Marius has plans to use client assertions in two profiles. So, I
> assume he wants to have the functionality but I do not know whether he cares
> about where it is documented; in the main spec or in a separate document.)
>
> Please correct me if I have forgotten someone or misinterpreted someone's
> statement.
>
> The feedback from the group as I have seen it was a bit difficult to
> interpret (particularly from Phil, Francisco, and Marius). So, a
> clarification would be good.

Count me as a "-", I think client assertions should stay.

> Feedback indicated that there is interest in deploying the Client
> Assertion credential functionality. That's good.
>
> My reading of Section 3.2 of OAuth version -11 is that this functionality is
> NOT mandatory to implement.
>
> So, for me the question therefore is where to describe this functionality.
> Here are my questions:
>
> 1a) Do you insist on having it documented in draft-ietf-oauth-v2?
>
> PLEASE NOTE: Having functionality in a separate document does not mean that
> it will take longer to complete nor that it is less important. It is purely
> a document management question!

Not sure a separate document is the same thing. A separate document
probably means an extension that fully defines how client assertions
should work in a specific implementation. Other extensions that would
like to do something similar now would have to either be redundant or
refer to this first extension. If the basic parameters are described
in the core spec then we have a clear extension point.

Marius
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
