Hi Eran, all,

On 09/05/11 18:01, Eran Hammer-Lahav wrote:
> 
>> -----Original Message-----
>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
>> Of Hannes Tschofenig
>> Sent: Monday, May 09, 2011 4:25 AM
> 
>> Goals and Milestones
>> May 2011    Submit 'HTTP Authentication: MAC Authentication' as a
>> working group item
> 
> I am still not convinced this is the right working group for this document. 
> This is an active document with a pending -04 version coming this week. Out 
> of 26 pages, only 1 discusses OAuth 2.0 (and 2 more pages handle the 
> registration requirements). My two co-authors, Adam Barth and Ben Adida, are 
> not members of this working group. In addition, this working group has shown 
> little to no interest in this document to date, offering very limited feedback.
> 
> I would much rather keep this document as an individual submission discussed on 
> apps-discuss, and make sure it includes the HTTPbis, HTTP-State, and OAuth 
> working groups in its last call process.
> 
> I would like to hear what Stephen (security AD) and Peter (application 
> AD) think about the right venue for this draft.

I chatted briefly with Peter and think that we're both happy
that the mac draft be done in oauth with additional last call(s)
in other relevant places, particularly httpbis. Figuring out which
places can be done just before wglc here.

Part of the logic for doing it here is that without the mac draft,
oauth2.0 would appear to be less secure than oauth1.0 which
is not an outcome I want to see. Taking the mac draft via some other
route would therefore likely result in delay in getting the mac
draft done, and hence delay in terms of getting an RFC for oauth2.0.
If I think the oauth2.0 spec (or set of specs) sent to me as
AD is less secure than oauth1.0 then I'll almost certainly send it
back to the wg to fix that.

In terms of rechartering this wg - as Barry said the time to discuss
that is *after* the current work is done, not now. I'm sure there'll
be the usual full and frank discussion on the list at that point:-)
Proposing that the wg close at that point is fine and the chairs
will I'm sure do a good job of establishing the rough consensus on
that then.

And finally, as to the use-cases document, the only, but significant,
reason to hold it for now, is so it doesn't get in the way of the
main work. Even the most innocuous and well-written draft can cause
plenty of mail and delay so let's just shelve that draft for a few
months and get done with the main goals of the wg.

I guess given the spurt of mail I'll wait a few days before pushing
the charter onwards in case the chairs want to tweak something.

S.


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth