Thanks for the responses - they were very helpful.

On Thu, Apr 15, 2010 at 5:12 AM, Eran Hammer-Lahav <e...@hueniverse.com>wrote:

>
>
>
> On 4/15/10 12:04 AM, "Evan Gilbert" <uid...@google.com> wrote:
>
> > - What does it mean to have successive drafts? And if we move an issue to
> the
> > next draft, what does that practically mean?
> > - How does the bill become a law?
>
> Drafts are numbered but not versioned and they are not reference-able. They
> expire after 6 month of publication and cannot be used as normative
> references from other specifications. So in practice the latest draft is
> simply a representation of where the working group is in terms of progress.
>
> When the WG is done, it issues a last call to see if anyone in the WG still
> has open issues. You can have multiple last calls if a last calls demands
> significant changes.
>
> Once the working group is satisfied with its draft, it goes to an IETF last
> call with the same process but with feedback coming from the entire
> community and sent back to the WG to be worked out.
>
> As any given time, the WG does not have to accommodate feedback but should
> account for it (reply and explain why). The IETF last call includes
> official
> review from other areas such as the security area. These reviews must be
> addressed (in the same manner though).
>
> When the document passed through both last calls, it goes to the IESG which
> is the IETF governing body consisted of the area directors and the IESG
> chair. The IESG votes on the draft to approve or discuss it. There is no
> 'No' vote in the IESG (you need 10 yes/abstain votes and no requests to
> discuss the draft for approval).
>
> IESG discussion can take a while until all the area directors are
> satisfied.
> At that point the document is done and can be referenced, but can take
> months to be published as an RFC. The process doesn't end there but the
> vast
> majority of people treat the RFC as a standard (it is actually just a
> proposed standard) and ignore the rest.
>
> > - What is the expected timing of these drafts?
>
> Like any standards process it takes as long as it takes. OAuth 1.0 took
> about a year without becoming a standard. Once the WG is done, it should
> take about 3-6 months for IESG approval and another 3-6 months for RFC
> publication.
>
> BUT -
>
> Companies can implement the drafts for beta or experimental purposes and
> keep them up to date as much as possible. Once the WG draft is done,
> companies can ship it with the expectation that it can still change but
> with
> a general timeline of about 6 months to a year. The primary reason for
> changes after WG LC are security requirements.
>
> As for the WG timing, it is hard to say because we still have a long list
> of
> open issues. The biggest reasons for WG slowness are busy editors and laid
> back chairs. I don't think editorial work is going to slow the WG, but when
> it comes to closing issues, we rely on the chairs to make consensus calls
> and close open issues when the WG is stuck.
>
> That said, I think the current draft is close to what OAuth 2.0 should look
> like and the list of issues has remained about the same for the past month.
>
> EHL
>
>
>
>
>
>
>
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to