I can work with that. Thanks. EHL
> -----Original Message----- > From: Stephen Farrell [mailto:stephen.farr...@cs.tcd.ie] > Sent: Tuesday, May 10, 2011 3:25 AM > To: Eran Hammer-Lahav > Cc: Hannes Tschofenig; oauth@ietf.org WG; Peter Saint-Andre > (stpe...@stpeter.im); 'Adam Barth (a...@adambarth.com)'; Ben Adida > Subject: Re: [OAUTH-WG] Revised OAuth Charter Text > > > Hi Eran, all, > > On 09/05/11 18:01, Eran Hammer-Lahav wrote: > > > >> -----Original Message----- > >> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On > >> Behalf Of Hannes Tschofenig > >> Sent: Monday, May 09, 2011 4:25 AM > > > >> Goals and Milestones > >> May 2011 Submit 'HTTP Authentication: MAC Authentication' as a > >> working group item > > > > I am still not convinced this is the right working group for this document. > This is an active document with a pending -04 version coming this week. Out > of 26 pages, only 1 discusses OAuth 2.0 (and 2 more pages handle the > registration requirements). My two co-authors, Adam Barth and Ben Adida > are not members of this working group. In addition, this working group have > shown little to no interest this document to date, offering very limited > feedback. > > > > I much rather keep this document as an individual submission discussed on > apps-discuss, and make sure it includes the HTTPbis, HTTP-State, and OAuth > working groups in its last call process. > > > > I would like to hear what the Stephen (security AD) and Peter (application > AD) think about the right venue for this draft. > > I chatted briefly with Peter and think that we're both happy that the mac > draft be done in oauth with additional last call(s) in other relevant places, > particularly httpbis. Figuring out which places can be done just before wglc > here. > > Part of the logic for doing it here is that without the mac draft, > oauth2.0 would appear to be less secure than oauth1.0 which is not an > outcome I want to see. Taking the mac draft via some other route would > therefore likely result in delay in getting the mac draft done, and hence > delay > in terms of getting an RFC for oauth2.0. > If I think the oauth2.0 spec (or set of specs) sent to me as AD is less secure > than oauth1.0 then I'll almost certainly send it back to the wg to fix that. > > In terms of rechartering this wg - as Barry said the time to discuss that is > *after* the current work is done, not now. I'm sure there'll be the usual full > and frank discussion on the list at that point:-) Proposing that the wg close > at > that point is fine and the chairs will I'm sure do a good job of establishing > the > rough consensus on that then. > > And finally, as to the use-cases document, the only, but significant, reason > to > hold it for now, is so it doesn't get in the way of the main work. Even the > most innocuous and well-written draft can cause plenty of mail and delay so > let's just shelve that draft for a few months and get done with the main goals > of the wg. > > I guess given the spurt of mail I'll wait a few days before pushing the > charter > onwards in case the chairs want to tweak something. > > S. > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
