On Thu, Feb 18, 2010 at 9:14 AM, Eran Hammer-Lahav <e...@hueniverse.com> wrote:
> A few questions we should answer before moving forward. Considering *your*
> use cases and reasons for being here:
>
> 1. Why are you here? What are you trying to solve that is not already
> addressed by existing specifications (OAuth 1.0a, WRAP, etc)?

WRAP solves almost all of them. I see a need for passing signed claims about identity around, and I don't think SWT or SAML are good choices for that. I don't think the signed identity claims are necessary in the core OAuth spec, they are an advanced use case that most OAuth implementers (client and server) should completely ignore.

> 2. Should the WG start by taking WRAP or OAuth 1.0a as its starting point?
> Something else?

WRAP.

> 5. Do you think the approach of working first on 'how to use a token' and
> then on 'how to get a token' is right?

I think "how to use a token" should be about two lines. =)

> 7. Do you think the protocol should include a signature-based authentication
> scheme?

See above about signed claims about identity.