On 3/24/10 11:32 AM, Leif Johansson wrote: > On 03/23/2010 12:00 AM, Eve Maler wrote: >> Since the discussion in the "OAuth after-party" seemed to warrant >> bringing it up, I mentioned the UMA design principles/requirements >> document. You can find it here: >> >> http://kantarainitiative.org/confluence/display/uma/UMA+Requirements >> >> The discussion is around "Why can't Kerberos just be used for your use >> cases?" The UMA principles might be able to inform how the OAuth WG >> makes its case for why Kerberos doesn't suffice. (If we discover it >> does, hey, our work here is done. :-) > > There are two threads here > > - why Kerberos _as such_ does or does not work for the use-cases > - what experiences from 3rd party schemes such as Kerberos or STS are > valuable for OAuth. > > Being long-time Kerberos-fanboy I still say that one of those threads > are interesting and the other isn't. > > I think its much more valuable to talk about how to distill experience > from Kerberos (etc) which are applicable to the design of OAuth.
Agreed. Do you know if anyone has written up the design principles behind (or lessons learned) from Kerberos and STS? If not, we'll need to start prodding people into sharing their wisdom... Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
