Hannes,
Many thanks for putting this together.
First, I strongly believe that the work that had already been identified
as important and had started needs to be finished, and to this end I
consider the item that Torsten had brought forth, on *token revocation*,
to be of the highest priority. We have had a useful and comprehensive
discussion on the list, with a quite democratic "vote" for options, and
Torsten has a draft. (Note that the options I "voted" for were not
accepted, but I am very happy with the process, and I will review the
drafts--and contribute to it whenever needed.) Again, to me this is
the single most important item that needs to be completed, and I believe
that it can be completed fairly quickly.
Second, I am interested in the SAML interworking item. This will help
with moving OAuth into enterprise and possibly telecom, too. Again, I
plan to review and comment--and contribute, if required--on this item.
Third, I think the implementers guide is absolutely essential.
(Interestingly enough, the discussion of white spaces vs. commas in
yesterday's thread has effectively started this work.) In my opinion,
this item must be carried in parallel with others. I wonder if this
should be tied up with use cases. The use cases drive the protocol
definition and then effectively become the testing tool for the
protocol. Thus, for every use case, the guide could show an example
implementation.
Fourth, of course, I am interested in "identity management using OAuth."
This is not to say that I am not interested in the rest of the items. (I
am, and I could have listed them as the fifth item.) This is only my
personal view on priorities.
Igor
Hannes Tschofenig wrote:
I forgot an item already, namely 'identity management using OAuth' in
the style of OpenID Connect.
At IIW we also had a chat about an implementers guide and
interoperability tests. The idea of the implementers guide is to create a
living document that captures implementation experience with different
programming languages and development frameworks. It was also expected
that implementers will bundle different profiles and different
extensions in their implementation and it would be useful to describe
their experience.
In any case, I think both items are important.
Ciao
Hannes
On 11.09.2010 19:59, Hannes Tschofenig wrote:
Hi all,
at the Washington Internet Identity Workshop we had the chance to chat
about OAuth. Given the progress on the main specification we should
discuss WG re-chartering.
The following items had been proposed at the meeting:
* Messaging Signing
Example:
http://www.ietf.org/mail-archive/web/oauth/current/msg04250.html
* User Experience Extensions
Example: http://datatracker.ietf.org/doc/draft-recordon-oauth-v2-ux/
* Artifact Binding
Example: http://datatracker.ietf.org/doc/draft-sakimura-oauth-requrl/
* SAML for OAuth
Example: http://datatracker.ietf.org/doc/draft-campbell-oauth-saml/
* Recommendations of commonly used Scope values
No draft available (to my knowledge)
* Dynamic Client Registration
Example: http://www.ietf.org/id/draft-oauth-dyn-reg-v1-00.txt
I am interested to hear
a) what items are important for you; we cannot work on everything at the
same time.
b) what items are you willing to co-author (requires a hard time
commitment)
c) what items are you willing to review
d) whether we should consider other items?
Btw, to have your work considered you have to submit an IETF draft.
Please use the Web tool to upload it:
https://datatracker.ietf.org/idst/upload.cgi
Also use the following filename convention:
draft-[author last name]-oauth-[some short name]-[version#].txt
Ciao
Hannes
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth