On Tue, May 11, 2010 at 10:49 AM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > This is completely meaningless. > > This list is all vendors specific (including OAuth 1.0 which lacks any form > of discovery) which means libraries can easily hard-code the sites allowed > into their library. Also, because there really isn't any authentication > challenge involved, there is no issue with unfamiliar servers. > > On the other hand, browsers encounter Cookie and Basic authentication > requests all the time, and always with unfamiliar servers. That's the > relevant example.
Cookies and basic auth are largely irrelevant, because OAuth 2 doesn't need to replace cookies and basic auth. Cookies and basic auth work *just fine* in web browsers today. Every vendor participating in this discussion uses cookies, so I'd say that we have all the standardization we need in that space. OAuth 2 does need to replace all the vendor specific delegation protocols, though. Cheers, Brian _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
