Hi,
this blog post (
http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/) by the
editor of OAuth 2.0 made the rounds of the geek news outlets: Slashdot,
CNet etc. I am sure many people on this list have seen it. But I have
seen no reactions on this list, nor on the SAAG list. Is
http://www.scifac.ru.ac.za/cspt/hoare.htm
Hi Yaron,
At 05:52 AM 7/29/2012, Yaron Sheffer wrote:
this blog post (
http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/)
by the editor of OAuth 2.0 made the rounds of
the geek news outlets: Slashdot, CNet etc. I am
sure many people on this list have seen it. But
I have seen no
We are going to respond to Eran's blog post. We would like to respond with some
real content instead of vague statements.
I would find it useful if anyone of you who likes to agree or disagree to have
at least read the OAuth specification. I had noticed that many of those who
share their
Just a minor comment on this one:
On Jul 29, 2012, at 8:20 AM, SM wrote:
[the] working group at the IETF started with strong web presence. But as the
work dragged on (and on) past its first year, those web folks left along
with
every member of the original 1.0 community. The group
On Sun, 2012-07-29 at 12:19 -0700, Hannes Tschofenig wrote:
Just a minor comment on this one:
On Jul 29, 2012, at 8:20 AM, SM wrote:
[the] working group at the IETF started with strong web presence. But as
the
work dragged on (and on) past its first year, those web folks left
Watching a play starting with the third act is always interesting but not
informative.
If there's a dispute worthy of attention by the *whole IETF membership*, could
someone please summarize it (in a reasonably unbiased way) to bring the rest of
us up to speed?
Dale
Do you think that corporate domination of open standards development is OK?
The barrier for participation is low since there are no membership fees, etc.
Nevertheless, those who participate in standardization efforts have to spend
their time. So, typically those who participate for a
Eran, the editor of a specification in the OAuth working group, had decided to
step down from his editor-role because the group did not agree with certain
design decisions (particularly with a security design decision). That happens
also in other groups. Nothing uncommon so far.
He then wrote
On Jul 29, 2012, at 1:17 PM, Glen Zorn wrote:
On Sun, 2012-07-29 at 12:19 -0700, Hannes Tschofenig wrote:
Just a minor comment on this one:
On Jul 29, 2012, at 8:20 AM, SM wrote:
[the] working group at the IETF started with strong web presence. But as
the
work dragged on (and
Hi Yoav,
Hi
Like Dale, I haven't followed the play throughout the life of OAuth (the
working group)
Barely anyone has done that.
Who are these corporations that dominate the working group? Are they content
providers like Facebook, Twitter, or Disney? Are they ISPs? Is it General
On Sun, 2012-07-29 at 23:37 +0300, Yoav Nir wrote:
...
The IETF allows open participation and, as such, everyone, including
companies that develop enterprise software, are free to participate in the
discussions.
Do you think open participation is wrong?
Do you think that
From: Hannes Tschofenig [hannes.tschofe...@gmx.net]
Eran claims that enterprise identity management equipment manufacturer
dominate the discussion.
There's a common problem in the IETF that the development of a standard is
dominated by companies that incorporate the standard into their
On Sun, 2012-07-29 at 13:28 -0700, Hannes Tschofenig wrote:
Do you think that corporate domination of open standards development is
OK?
The barrier for participation is low since there are no membership fees, etc.
For participation, yes, all that is needed is an email account; if
Trying to step away from the big vendors vs. users discussion...
I admit I have not followed events in the oauth WG, but I did read
Eran's post and his own follow-on comments, plus some others' who were
burnt by our processes. Some may want to construe it as IETF bashing,
but what I'm reading
I certainly agree that the participation in the face-to-face meetings is indeed
more costly. For leadership positions (as you call them) such participation is
indeed important.
On Jul 29, 2012, at 2:02 PM, Glen Zorn wrote:
On Sun, 2012-07-29 at 13:28 -0700, Hannes Tschofenig wrote:
Do
It sounds indeed great to involve those communities that use the technology.
However, I don't see an easy way to accomplish that when we talk about a really
large community.
For example, many people use TLS and they are not all in the TLS WG working
group. I am not even talking about
I have not been involved in the OAuth design processes, but for the
last few months, I’ve been a heavy user of production OAuth2 software.
Which I felt gave me a platform to comment on the issue:
http://www.tbray.org/ongoing/When/201x/2012/07/28/Oauth2-dead
-Tim
On Sun, Jul 29, 2012 at 2:57
From: Yaron Sheffer [yaronf.i...@gmail.com]
[...] but what I'm reading is three concrete statements that IETF
members can respond to, and (if we accept them as true) consider how
to address in the future:
- A Web-focused protocol was forced to adopt enterprise use cases.
[...]
My first
thanks for the review Ben.
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART,
please see the FAQ at
http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq .
Please resolve these comments along with any other Last Call comments you may
receive.
Document:
The IESG has approved the following document:
- 'Definitions of Managed Objects for Packet Sampling'
(draft-ietf-ipfix-psamp-mib-06.txt) as Proposed Standard
This document is the product of the IP Flow Information Export Working
Group.
The IESG contact persons are Ronald Bonica and Benoit
21 matches
Mail list logo