On 03/23/2010 12:00 AM, Eve Maler wrote:
Since the discussion in the "OAuth after-party" seemed to warrant bringing it
up, I mentioned the UMA design principles/requirements document. You can find it here:
http://kantarainitiative.org/confluence/display/uma/UMA+Requirements
The discussion is around "Why can't Kerberos just be used for your use cases?"
The UMA principles might be able to inform how the OAuth WG makes its case for why
Kerberos doesn't suffice. (If we discover it does, hey, our work here is done. :-)
There are two threads here
- why Kerberos _as such_ does or does not work for the use-cases
- what experiences from 3rd party schemes such as Kerberos or STS are
valuable for OAuth.
Being long-time Kerberos-fanboy I still say that one of those threads
are interesting and the other isn't.
I think its much more valuable to talk about how to distill experience
from Kerberos (etc) which are applicable to the design of OAuth.
Cheers Leif
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
