I never heard a final resolution to this. What was the vote result? Phil [email protected]
On 2011-02-10, at 3:07 PM, Marius Scurtescu wrote: > On Thu, Feb 3, 2011 at 12:14 AM, Hannes Tschofenig > <[email protected]> wrote: >> Hi all, >> >> Eran suggested to remove the Client Assertion functionality from the >> draft-ietf-oauth-v2 specification in his mail from last month: >> http://www.ietf.org/mail-archive/web/oauth/current/msg05027.html >> >> This lead to a heated discussion. >> >> Going through the discussions I got the following impression: >> "+" means in favor of removing the Client Assertion credential functionality >> from the draft-ietf-oauth-v2 specification and >> "-" means against it. >> "*" indicates some constraints. >> +Eran >> *Phil (was talking about a stronger version of the client assertion >> credentials) >> +David >> *Francisco (also has a stronger version in mind) >> -Mike >> *Marius (Marius has plans to use client assertions in two profiles. So, I >> assume he wants to have the functionality but I do not know whether he cares >> about where it is document; in the main spec or in a separate document.) >> >> Please correct me if I have forgotten someone or misinterpreted someone's >> statement. >> >> The feedback from the group as I have seen it was a bit difficult to >> interpret (particularly from Phil, Francisco, and Marius). So, a >> clarification would be good. > > Count me as a "-", I think client assertions should stay. > > >> Feedback indicated that there is interesting in deploying the Client >> Assertion credential functionality. That's good. >> >> My reading of Section 3.2 of OAuth version -11 is that this functionality is >> NOT mandatory to implement. >> >> So, for me the question therefore is where to describe this functionality. >> Here are my questions: >> >> 1a) Do you insist in having it documented in draft-ietf-oauth-v2? >> >> PLEASE NOTE: Having functionality in a separate document does not mean that >> it will take longer to complete nor that it is less important. It is purely >> a document management question! > > Not sure a separate document is the same thing. A separate document > probably means an extension that fully defines how client assertions > should work in a specific implementation. Other extensions that would > like to do something similar now would have to either be redundant or > refer to this first extension. > > If the basic parameters are described in the core spec then we have a > clear extension point. > > > Marius > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
