> But this still puzzles me. After two years in the application area where IMO > this > working clearly belongs, we were moved to the security area under the premise > of increased review and engagement from the security area.
I can't speak for the IESG, and it's they who made the decision to move the WG. But I can say that I disagree that it "clearly belongs" in the App area. From the start, I was puzzled why it wasn't chartered in the Sec area; OAuth is, to me, a security protocol that's used at the app layer (as opposed to an app protocol that happens to include security). DKIM was in a similar situation -- having bits in both areas -- and in 2006 was chartered in Sec... and that one seemed even more that it should have been in Apps. We have puzzling situations often, these days, where working groups "clearly belong" in more than one area, and the way things currently work, the IESG has to choose. ALTO might have been in RAI or App, was chartered in App, and now is in TSV. We've had a few recently chartered WGs where there was some debate about which area they belong in. I've thought for some time that we should have multi-area WGs, but that's not the case now. Don't pay too much attention to which AD manages the WG. Barry _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
