I'm seeing a few OAuth features in spec discussions which: - Feel like it would be a major omission if they don't make it into OAuth 2.0, but - Haven't been used previously or even prototyped, which makes people uncomfortable with adding to the spec
This includes the scope / sites syntax discussion (among others). I'm wondering if there would any interest in collaborating on a Wiki for "provisional" spec enhancements. The goal would be have a place for early implementers to share a spec- these changes would not go into the OAuth 2.0 draft until we have implementation experienc. However discussions would still be on the main mailing list. On Mon, May 10, 2010 at 4:11 PM, Brian Eaton <bea...@google.com> wrote: > On Mon, May 10, 2010 at 7:32 AM, Manger, James H > <james.h.man...@team.telstra.com> wrote: > > HTTP Digest uses (A) [A. List of URI prefixes]. (A) is a pretty good > match to how Google uses scope > > values. > > It's not, actually. Our scopes are sometimes URI prefixes, and > sometimes are not. The reality is complicated, and to be honest is > poorly documented. We're working on it. > > As I've said in a few other e-mail threads, I think it would be a > serious mistake to publish a standard that doesn't reflect things that > are already deployed in the wild and are well-understood. > > If people want to see systems that automatically determines scopes and > reuses tokens, I think they should go and build those systems. Then > come back to the community with explanations of what they did, and why > other people should adopt it. > > Cheers, > Brian > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
