On Thu, Jan 27, 2011 at 6:23 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote:
> As for the open issues: the bearer token scheme name - if it wasn’t clear, I
> plan to use every means available to me to block the bearer token draft from
> using the ‘OAuth2’ scheme name, and will raise this issue in the WGLC, Area
> Director review, IETF LC, and direct appeal to the IESG if necessary. You
> might consider this childish, but I consider bearer tokens a disaster
> waiting to happen and will not allow the weakest form of token
> authentication to carry the strongest form of endorsement and perception
> (via the OAuth brand).

I do respect your opinion Eran, but is there consensus around this? If
anything, the consensus seems to be around bearer tokens. As far as I
can tell this is the big selling point of OAuth 2 and all
implementations I am aware of will support it. For all intents and
purposes OAuth 2 is bearer tokens.


> At the end, you might get the scheme name you want, but it will cost you
> significant delays in getting that document published as an RFC and with a
> Proposed Standard designation. So far you have failed to raise any technical
> justification for your insistence on using that name. The only reason so far
> is that it will be less confusing. Perhaps. But will be more damaging.

Such delays would be unfortunate, I truly hope we can sort this out.


> After
> all, why would anyone look at the MAC token specification or other stronger
> authentication schemes, when you offer them the “official” OAuth 2.0 scheme.

That's a good point. What about using a common prefix for all OAuth 2
related scheme names? Something like "OAuth2Bearer", "OAuth2Mac".


Marius
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
