Hi Jeff, Please, see my comments below.
Regards, Rifaat On Mon, May 11, 2026 at 8:33 AM Lombardo, Jeff <[email protected]> wrote: > Hi, > > Thanks Deb ensuring this WG keep on moving the needle. Thanks Rifaat for > managing the comment process. > > > > My own personal thoughts on the last version: > > > > - “A procedure for enabling a client to register with an authorization > server” > - This seems to put a distinction between “procedure” and > “protocol” which escapes me. I am sure the term “procedure” has been > carefully chosen but I cannot understand why. Is that cause > preregistering > manually is not standardized? > > This was copied from the existing charter, and I think the reason for the use of the "procedure" term is, as you mentioned, that it is a manual process. > > - > - In any case, adding to the mix the advent of CIMD, there is more > than one: 1/ manual process; 2/ DCR; 3/ and the work for CIMD now, while > not being registration as it aims to remove the need for, is still the > establishment of the core of trust between the client and the AS. > > The text that your first bullet is referring to was talking about what was already defined in the OAuth 2.0 core specification. We could add DCR to the list of enhancements and CIMD to the work program, but I do not think that the charter needs to explicitly mention every work item that the work group is working on and intend to work on. We need to draw the line somewhere. > - > - On the Coordination: > - We had a lot of questions / thoughts on the same perimeter within > Agent-to-Agent. So far, this WG has been able to ensure it remains the > accountable place for the resolution of such questions. Still, this > proves > that coordination must be nurtured and coordinated with them. > > Agreed. This applies to the members of the WGs and the chairs. > > - > > > > Jeff > > > > *Jean-François “Jeff” Lombardo* | Amazon Web Services > > > > Architecte Principal de Solutions, Stratégie de Sécurité > Principal Solution Architect, Security Strategy > Montréal, Canada > > *Commentaires à propos de notre échange? **Exprimez-vous **ici* > <https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$> > *.* > > > > *Thoughts on our interaction? Provide feedback **here* > <https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$> > *.* > > > > *From:* Rifaat Shekh-Yusef <[email protected]> > *Sent:* May 7, 2026 12:24 PM > *To:* oauth <[email protected]> > *Subject:* [EXT] [OAUTH-WG] OAuth WG Rechartering > > > > *CAUTION*: This email originated from outside of the organization. Do not > click links or open attachments unless you can confirm the sender and know > the content is safe. > > > > *AVERTISSEMENT*: Ce courrier électronique provient d’un expéditeur > externe. Ne cliquez sur aucun lien et n’ouvrez aucune pièce jointe si vous > ne pouvez pas confirmer l’identité de l’expéditeur et si vous n’êtes pas > certain que le contenu ne présente aucun risque. > > > > All, > > > > The OAuth WG chairs and the Security AD (Deb) have been collaborating on a > proposal to recharter the OAuth WG. > > https://datatracker.ietf.org/doc/charter-ietf-oauth/ > > > > Deb put this on the agenda of the IESG telechat for *My 21st*. > > > > Please, take a look and let us know if you have any comments. > > > > Regards, > > Rifaat & Hannes > > > > > > >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
