I don't see how moving the discussion/work on these features elsewhere will help reach consensus on them. If someone has an idea that fails to get momentum on this list, they should work harder or reach out to the key people on this list in private and try to talk them into supporting it. Back-channels are an important tool of creating a standard (as long as all decisions are always made on the public list).
But I'm not going to stop anyone from playing with the wiki... (or publish their own extension I-D). EHL From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Evan Gilbert Sent: Monday, May 10, 2010 4:50 PM To: Brian Eaton Cc: OAuth WG (oauth@ietf.org) Subject: [OAUTH-WG] Provisional OAuth enhancements I'm seeing a few OAuth features in spec discussions which: - Feel like it would be a major omission if they don't make it into OAuth 2.0, but - Haven't been used previously or even prototyped, which makes people uncomfortable with adding to the spec This includes the scope / sites syntax discussion (among others). I'm wondering if there would any interest in collaborating on a Wiki for "provisional" spec enhancements. The goal would be have a place for early implementers to share a spec- these changes would not go into the OAuth 2.0 draft until we have implementation experienc. However discussions would still be on the main mailing list. On Mon, May 10, 2010 at 4:11 PM, Brian Eaton <bea...@google.com<mailto:bea...@google.com>> wrote: On Mon, May 10, 2010 at 7:32 AM, Manger, James H <james.h.man...@team.telstra.com<mailto:james.h.man...@team.telstra.com>> wrote: > HTTP Digest uses (A) [A. List of URI prefixes]. (A) is a pretty good match to > how Google uses scope > values. It's not, actually. Our scopes are sometimes URI prefixes, and sometimes are not. The reality is complicated, and to be honest is poorly documented. We're working on it. As I've said in a few other e-mail threads, I think it would be a serious mistake to publish a standard that doesn't reflect things that are already deployed in the wild and are well-understood. If people want to see systems that automatically determines scopes and reuses tokens, I think they should go and build those systems. Then come back to the community with explanations of what they did, and why other people should adopt it. Cheers, Brian _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
