> -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Eran Hammer-Lahav > Sent: Tuesday, April 19, 2011 10:11 AM > To: Dave Nelson > Cc: oauth > Subject: Re: [OAUTH-WG] Revised Section 3 > > > > > -----Original Message----- > > From: Dave Nelson [mailto:[email protected]] > > Sent: Tuesday, April 19, 2011 5:25 AM > > > > The claim that "removing is a breaking issue" is patently wrong. > > > > From what I've read in this thread, I can't support that notion. If > > interoperable implementations can't be crafted without *some* > > resolution to this issue, it indeed seems like a "breaking issue" to > me. > > This might be correct in general, but you are taking this out of the > specific context of the requested change. > > The proposed change does not accomplish by itself any level of > interoperability since it is merely an extension point. It cannot be > used without further profiling (and I have demonstrated in a previous > reply why even further profiling might not produce a secure solution > given the vague normative requirements provided). > > IOW, in order for this proposed change to accomplish interoperability, > additional specifications must be published (which also addresses some > of your other concerns).
Hi Eran, If its ok with you, may I offer some friendly suggestion. Section 3 does not take away anything from your work and enormous contribution to the Oauth 2.0 main spec. If anything, Section 3 shows that lots of people are interested in seeing OAuth 2.0 deployed in other environments and being integrated into other authentication infrastructures (eg. enterprise infra). I view this as a positive success point and achievement for Oauth 2.0. And yes, further profiling & specs will be needed for each and every type of credential mentioned in Section 3 in order to get interoperability. That's always been my understanding (and I believe that is also the understanding of other folks who want Section 3 to stay). Perhaps it would best to just leave Section 3 where it is, and to move on to other aspects of the draft. Thanks. /thomas/
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
