I think it would also help with handling revisions over time. Changes to signature specifications, etc over time, won't impact the core specification -- keeping it stable and well understood.
Maybe a compromise is to include the 1.0a stuff in the core spec as "legacy" (since it was in the 1.0 core), but reference a normative external signature extension specification document for 2.0 on. Phil phil.h...@oracle.com On 2010-09-27, at 9:43 AM, Tschofenig, Hannes (NSN - FI/Espoo) wrote: > Hi all > > I wonder whether the question of "signature in the main specification or in a > separate document" does not really matter. It is purely a matter of document > management style. > > The important question is whether there will be a **mandatory to implement** > or **mandatory to use** someone in the document set. Mandatory to use is > typically hard to enforce unless there is only one approach possible. This > does not seem to be the case. > > So, everything then boils down to the question: What is mandatory to > implement? (in this specific case with regard to security) > > Ciao > Hannes > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
