The abstract of draft-parecki-oauth-v2-1 concludes with this text:

    This specification replaces and obsoletes the OAuth 2.0 Authorization
    Framework described in RFC 6749 <https://tools.ietf.org/html/rfc6749>.

While accurate, I don't believe that this text captures the full intent of the
OAuth 2.1 effort - specifically, to be a recommended subset of OAuth 2.0,
rather than to introduce incompatible changes to it. Therefore, I request that
these sentences be added to the abstract, to eliminate confusion in the
marketplace that might otherwise arise:

    OAuth 2.1 is a compatible subset of OAuth 2.0, removing features that are
    not currently considered to be best practices. By design, it does not
    introduce any new features to what already exists in the OAuth 2.0 set of
    protocols.

Thanks,
-- Mike

P.S. I assert that any incompatible changes should be proposed as part of the
TxAuth effort and not as part of OAuth 2.1.