I can't help myself to not reply to this ... :) On Wed, Nov 1, 2023 at 11:18 AM Denis <[email protected]> wrote:
> <snip> > > Bridging the architectural narrative used in the core OAuth framework (AS, > RS, RO) and in the three roles model > (Holder, Issuer, Verifier) would not be appropriate. > I'm not sure "would not be appropriate" is the right phrase, but I agree that the models are different. <snip> > It should finally be noticed that the acronym of this WG, "OAuth", is a > short for "Open Authorization". It is questionable whether that acronym or > its meaning > would still be appropriate to address the three roles model which does not > fit into the OAuth 2.0/2.1 framework. > OAuth is not short for anything. "OpenAuth" was originally proposed, but Yahoo! was using that term at the time, so "OAuth" was picked. The name of the WG is actually "Web Authorization Protocol" https://datatracker.ietf.org/wg/oauth/about/ This does reinforce what I think is Denis' point -- this WG was chartered for authorization protocol work -- not "identity" tokens. /Dick
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
