> -----Original Message----- > From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] > Sent: Tuesday, August 03, 2010 7:00 AM > To: Eran Hammer-Lahav > Cc: OAuth WG (oauth@ietf.org) > Subject: Re: [OAUTH-WG] Extensibility: new endpoints > > I'm fine with specifying OAuth discovery in an additional I-D/RFC (along with > the extension I have asked for). As a consequence, does this mean you will > remove all references to OAuth Discovery from the core specification?
If we get a discovery spec ready in time, I'll reference it as one way to obtain configuration info. Otherwise I'll remove the references which are already marked with []. > Beside that, this raises another question: Are there additional functional > areas to be include into the core spec? How many additional WG items/ > upcoming RFCs complementing the core spec are planned? I am sure there are going to be more WG items. Discovery might be one, signatures are likely to be one. Then there is the SAML work, artifact binding, device profile, UX, identity... The main problem is lack of authors/editors to put the work in, not lack of ideas. I still hope to get the discovery spec finished in the same timeframe, but have no plans to author or edit any other draft. > What about the following topics? > - security considerations That's part of core and someone has to write it. I'd like to see someone take the security section from RFC 5849 and rework it to match 2.0, as well as add everything that is missing. I will incorporate it and take care of the editorial work but I am not writing it from scratch. > - token revocation (requested by several attendees during Maastricht WG > meeting) Someone needs to write a proposal and work to get WG consensus (to the point where enough people say they like it and no one is objecting). Get it there, I'll do the rest. Feel free to ask the chairs to help out. > - signatures I think Nat offered to take a stab at a first draft based on Dirk's work and the WG discussions. I have offered to help with editorial work if requested. EHL > regards, > Torsten. > > > Am 02.08.2010 um 22:33 schrieb Eran Hammer-Lahav > <e...@hueniverse.com>: > General discussions on the list and during the interim meeting. > > EHL > > > -----Original Message----- > From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] > Sent: Monday, August 02, 2010 1:20 PM > To: Eran Hammer-Lahav > Cc: OAuth WG (oauth@ietf.org) > Subject: Re: [OAUTH-WG] Extensibility: new endpoints > > What consensus do you refer to? The WG charter? > > regards, > Torsten. > > Am 02.08.2010 22:18, schrieb Eran Hammer-Lahav: > No according to WG consensus. We took it all out because too many people > considered it experimental, so while it may be a WG item, it is not part of > the > core spes. > > EHL > > > -----Original Message----- > From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] > Sent: Monday, August 02, 2010 1:07 PM > To: Eran Hammer-Lahav > Cc: OAuth WG (oauth@ietf.org) > Subject: Re: [OAUTH-WG] Extensibility: new endpoints > > and discovery does not belong into the core? > > regards, > Torsten. > > Am 02.08.2010 22:05, schrieb Eran Hammer-Lahav: > > This doesn't belong in core. A registry is used to avoid name collisions, not > > to provide an inventory. > > Maybe in discovery. > > EHL > > > > -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Torsten Lodderstedt > Sent: Monday, August 02, 2010 12:54 PM > To: OAuth WG (oauth@ietf.org) > Subject: [OAUTH-WG] Extensibility: new endpoints > > the existing authorization server endpoints (end-user authorization and > tokens endpoint) have a relatively clearly semantics and scope. > Adding distinct new functions to an authorization server will (in my > opionion) require the definition of new endpoints. For example, I'm working > on an I-D for token revocation. Such a function does not fit into the tokens > endpoint since it has become a "token issuance endpoint" rather than a > general purpose client2server endpoint. > > I therefore would propose to include the option to define and register new > endpoints into the Extensibility section of the spec. > This would also facilitate the incorporation of additional endpoints (with > well- > defined names) into OAuth discovery. > > Any thoughts? > > regards, > Torsten. > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
