Please (re-)add my comments into your queue that the client assertion 
credentials and WWW-Authenticate header should be retained.  Also, per Marius' 
note of January 20th, Google has plans to use the client assertion credentials 
as well.

You argue that interop is not hindered by removing features that could be 
defined as extensions.  And that since additional knowledge is required to use 
these features that is outside the scope of the specification, that there is no 
value in retaining them.

The problem with those lines of reasoning is that the same arguments could be 
applied to the whole specification.  People *could* implement OAuth flows with 
no OAuth specification at all.  So why not get rid of all of it?  Simply, that 
interop is enhanced by having common ways to do common things -- even if some 
additional knowledge is required to do them.

Please retain these features.

                                -- Mike

-----Original Message-----
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran 
Hammer-Lahav
Sent: Thursday, January 20, 2011 9:42 PM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt

Forgot to mention that I don't have any outstanding comments in my queue so if 
your feedback was not incorporated into -12, and you feel strongly about it, 
bring it up again.

EHL

> -----Original Message-----
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf 
> Of Eran Hammer-Lahav
> Sent: Thursday, January 20, 2011 4:57 PM
> To: oauth@ietf.org
> Subject: Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt
> 
> Draft -12 is finally out.
> 
> This is almost a complete rewrite of the entire document, with the 
> primary goal of moving it back to a similar structure used in -05. I 
> have been thinking about this for a few months and finally came up 
> with a structure that combines the two approaches.
> 
> The draft includes some major cleanups, significantly simpler 
> language, reduces repeated prose, and tried to keep prose to the 
> introduction and normative language in the rest of the specification. 
> I took out sections that broke the flow, and did my best to give this 
> a linear narrative that is easy to follow.
> 
> The draft includes the following normative changes:
> 
>    o  Clarified 'token_type' as case insensitive.
>    o  Authorization endpoint requires TLS when an access token is issued.
>    o  Removed client assertion credentials, mandatory HTTP Basic 
> authentication support for client credentials, WWW-Authenticate 
> header, and the OAuth2 authentication scheme.
>    o  Changed implicit grant (aka user-agent flow) error response from 
> query to fragment.
>    o  Removed the 'redirect_uri_mismatch' error code since in such a 
> case, the authorization server must not send the error back to the client.
>    o  Defined access token type registry.
> 
> I would like to spend the coming week receiving and applying feedback 
> before requesting a WGLC for everything but the security 
> considerations section (missing) 2/1.
> 
> EHL
> 
> 
> 
> > -----Original Message-----
> > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On 
> > Behalf Of internet-dra...@ietf.org
> > Sent: Thursday, January 20, 2011 4:45 PM
> > To: i-d-annou...@ietf.org
> > Cc: oauth@ietf.org
> > Subject: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> > directories.
> > This draft is a work item of the Open Authentication Protocol 
> > Working Group of the IETF.
> >
> >
> >     Title           : The OAuth 2.0 Authorization Protocol
> >     Author(s)       : E. Hammer-Lahav, et al.
> >     Filename        : draft-ietf-oauth-v2-12.txt
> >     Pages           : 46
> >     Date            : 2011-01-20
> >
> > This specification describes the OAuth 2.0 authorization protocol.
> >
> > A URL for this Internet-Draft is:
> > http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-12.txt
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > Below is the data which will enable a MIME compliant mail reader 
> > implementation to automatically retrieve the ASCII version of the
> > Internet-Draft.
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth