Hey Hannes,

Not to be taken the wrong way, but we've already had eight really informative responses to this survey. It would be useful to understand what you're interested in solving within this working group versus just hearing the belief that the survey is broken. :)

Cheers,
--David

On Sun, Feb 21, 2010 at 8:12 AM, Tschofenig, Hannes (NSN - FI/Espoo) <hannes.tschofe...@nsn.com> wrote:
> Hi Eran,
>
> There are a couple of problems with this survey. See below
>
>>-----Original Message-----
>>From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org]
>>On Behalf Of ext Eran Hammer-Lahav
>>Sent: 18 February, 2010 19:14
>>To: OAuth WG (oauth@ietf.org)
>>Subject: [OAUTH-WG] WG Survey
>>
>>A few questions we should answer before moving forward.
>>Considering *your* use cases and reasons for being here:
>>
>>1. Why are you here? What are you trying to solve that is not
>>already addressed by existing specifications (OAuth 1.0a, WRAP, etc)?
>
> During the conference call we figured out that there is no way one would
> easily agree to a single scenario or deployment variant.
>
> This is where some of the disagreements come from. Some folks have the
> super-secure governmental application in mind, others want to support
> the enterprise environment which are able to spend a lot of money on
> security, and then there are others that focus on the web developer that
> does not have even money for the certs.
>
> How do you want to provide a solution that fits everyone? Not really
> possible IMHO (unless you introduce the notion of "profiles").
>
>>
>>2. Should the WG start by taking WRAP or OAuth 1.0a as its
>>starting point? Something else?
>
> Largely irrelevant as the content will change anyway
>
>>
>>3. If we start from draft-hammer-oauth, what needs to change
>>to turn it into OAuth 2.0?
>
> Depends on the scenarios you want to cover under item (1).
>
>>
>>4. If we start from draft-hardt-oauth, what needs to change to
>>turn it into OAuth 2.0?
>
>
> Depends on the scenarios you want to cover under item (1).
>
>>
>>5. Do you think the approach of working first on 'how to use a
>>token' and then on 'how to get a token' is right?
>
> Nope. First, you have to figure out what you want the specification to
> accomplish.
>
>
>>
>>6. Should we go back to working on a single specification?
>
> Does not matter. This is purely a document management / authorship
> question that would come last.
>
>>
>>7. Do you think the protocol should include a signature-based
>>authentication scheme?
>
> That depends on the scenarios you want to cover.
>
> Ciao
> Hannes
>
>>
>>EHL
>>_______________________________________________
>>OAuth mailing list
>>OAuth@ietf.org
>>https://www.ietf.org/mailman/listinfo/oauth