Yes. I think automatic registration and other mechanisms for discovery and obtaining credentials are going to be extremely useful. We're just not there yet.
EHL > -----Original Message----- > From: Tschofenig, Hannes (NSN - FI/Espoo) > [mailto:hannes.tschofe...@nsn.com] > Sent: Thursday, February 03, 2011 5:03 AM > To: Eran Hammer-Lahav; Hannes Tschofenig; oauth@ietf.org > Subject: RE: [OAUTH-WG] Hum about 'Removal: HTTP Basic Authentication > for Client Credentials' > > > > The main question for me is: "What is mandatory to implement?" > > > > Nothing. The authorization server can support whatever client > > authentication methods it deems appropriate. *IF* client password > > credentials are supported, then the spec offers one way to provide > > them using parameters. The reason why this is not that important is > > that there is no real interop as it currently stands because the > > process of obtaining these client credentials is out of scope. > > In order to deploy Oauth one has to consider a number of components. > Today, many of them require proprietary mechanisms and steps executed > out-of-band. > > My hope, however, is that we (as part of this standardization work) improve > interoperability and thereby reduce the number of proprietary components. > > This topic seems to be one where standardization could indeed be helpful. > > Wouldn't you agree? > > Ciao > Hannes > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
