> I'll ask the chairs to open an issue for this. The chairs consider themselves asked, and have opened a ticket: http://trac.tools.ietf.org/wg/oauth/trac/ticket/23
> My proposed requires CSRF protected without adding additional requirements, > and therefore, is within the scope of my editorial discretion. IOW, my text is > already well-within working group consensus. Your text has not established > consensus, and I have listed actual issues with the proposed text which none > of the authors have addressed so far. This chair disagrees with the editorial prerogative at this point. I have not discussed this with my co-chairs, and perhaps they don't agree with me. I agree with Eran that the issue isn't settled -- that the Tony/Yaron/Torsten/Phil text, and the normative change it proposes, does not yet have WG consensus. And I note Eran's objection and the reasons for it, and I agree that it needs more discussion. But I believe the T/Y/T/P proposal has enough backing that it's the one that should be floated in the next version of the document right now. That by no means makes it final, and the chairs will track the discussion and make a proper consensus judgment at the appropriate time. I also think it's perfectly acceptable for the editor to put both versions of the text in, with a note that the WG must choose which way to go. Eran, is that a path you can tolerate? Barry, as chair _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
