It appears to me that the first part of the draft is an OAuth tutorial, while the last part is written in "shoulds." While a discussion of the user interface issues is interesting, I strongly believe that it is out of scope of OAuth. Other than that, I don't see anything that stands out as new or has not been discussed in the past year. Specifically, I don't see any references to the work that Torsten and Co. have done in the past six months, nor to the discussions that we had had on the list.
Given a ridiculously short time we have for the OAuth meeting, I wish that we don't spend any of it reinventing the wheel. I would like to see any discussion on security SPECIFICALLY reference the existing document and address its perceived gaps.
Perhaps Barry could do that in the next three days? Igor . Barry Leiba wrote:
I have also just submitted this draft: http://tools.ietf.org/html/draft-leiba-oauth-additionalsecurityconsiderations Hannes has asked me to talk about it for a few minutes in the OAuth meeting on Friday, and I plan to. Barry _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
