The statement "removing features that are not currently considered to be best practices" is ambiguous and implies that the best practice could be reinterpreted to include the flows that are now being deprecated. Perhaps "removing features that are no longer considered to be best practices" is much clearer.
----------------------------------------------------------------------

Message: 1
Date: Sun, 15 Mar 2020 21:34:56 +0000
From: Mike Jones <[email protected]>
To: "[email protected]" <[email protected]>, "[email protected]" <[email protected]>, "[email protected]" <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: [OAUTH-WG] Clarifying the scope of the OAuth 2.1 spec
Message-ID: <dm6pr00mb0684b029182673eadc9e0288f5...@dm6pr00mb0684.namprd00.prod.outlook.com>
Content-Type: text/plain; charset="us-ascii"

The abstract of draft-parecki-oauth-v2-1 concludes with this text:

    This specification replaces and obsoletes the OAuth 2.0 Authorization Framework described in RFC 6749 <https://tools.ietf.org/html/rfc6749>.

While accurate, I don't believe that this text captures the full intent of the OAuth 2.1 effort - specifically, to be a recommended subset of OAuth 2.0, rather than to introduce incompatible changes to it. Therefore, I request that these sentences be added to the abstract, to eliminate confusion in the marketplace that might otherwise arise:

    OAuth 2.1 is a compatible subset of OAuth 2.0, removing features that are not currently considered to be best practices. By design, it does not introduce any new features to what already exists in the OAuth 2.0 set of protocols.

Thanks,
-- Mike

P.S. I assert that any incompatible changes should be proposed as part of the TxAuth effort and not as part of OAuth 2.1.
