There wasn't a vote. Just call for feedback and so far I haven't seen consensus.
EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Phil Hunt > Sent: Thursday, February 10, 2011 3:11 PM > To: OAuth WG > Subject: Re: [OAUTH-WG] Hum about 'Removal: Client Assertion Credentials' > > I never heard a final resolution to this. What was the vote result? > > Phil > [email protected] > > > > > On 2011-02-10, at 3:07 PM, Marius Scurtescu wrote: > > > On Thu, Feb 3, 2011 at 12:14 AM, Hannes Tschofenig > > <[email protected]> wrote: > >> Hi all, > >> > >> Eran suggested to remove the Client Assertion functionality from the > >> draft-ietf-oauth-v2 specification in his mail from last month: > >> http://www.ietf.org/mail-archive/web/oauth/current/msg05027.html > >> > >> This lead to a heated discussion. > >> > >> Going through the discussions I got the following impression: > >> "+" means in favor of removing the Client Assertion credential > >> functionality from the draft-ietf-oauth-v2 specification and "-" > >> means against it. > >> "*" indicates some constraints. > >> +Eran > >> *Phil (was talking about a stronger version of the client assertion > >> credentials) > >> +David > >> *Francisco (also has a stronger version in mind) -Mike *Marius > >> (Marius has plans to use client assertions in two profiles. So, I > >> assume he wants to have the functionality but I do not know whether > >> he cares about where it is document; in the main spec or in a > >> separate document.) > >> > >> Please correct me if I have forgotten someone or misinterpreted > >> someone's statement. > >> > >> The feedback from the group as I have seen it was a bit difficult to > >> interpret (particularly from Phil, Francisco, and Marius). So, a > >> clarification would be good. > > > > Count me as a "-", I think client assertions should stay. > > > > > >> Feedback indicated that there is interesting in deploying the Client > >> Assertion credential functionality. That's good. > >> > >> My reading of Section 3.2 of OAuth version -11 is that this > >> functionality is NOT mandatory to implement. > >> > >> So, for me the question therefore is where to describe this functionality. > >> Here are my questions: > >> > >> 1a) Do you insist in having it documented in draft-ietf-oauth-v2? > >> > >> PLEASE NOTE: Having functionality in a separate document does not > >> mean that it will take longer to complete nor that it is less > >> important. It is purely a document management question! > > > > Not sure a separate document is the same thing. A separate document > > probably means an extension that fully defines how client assertions > > should work in a specific implementation. Other extensions that would > > like to do something similar now would have to either be redundant or > > refer to this first extension. > > > > If the basic parameters are described in the core spec then we have a > > clear extension point. > > > > > > Marius > > _______________________________________________ > > OAuth mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
