What possible rational is there for SWD to belong in the OAuth working group and in the security area?
EHL > -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Mike Jones > Sent: Thursday, October 20, 2011 12:12 PM > To: Hannes Tschofenig; OAuth WG > Subject: Re: [OAUTH-WG] Rechartering > > Thanks, Hannes. Here's my prioritized list of new work: > > 1. JSON Web Token (JWT) > 2. Simple Web Discovery (SWD) > 3. JSON Web Token (JWT) Bearer Token Profile > 4. Token Revocation > > My prioritized list of existing work items to complete after the core and > bearer specs are: > > A. Assertions Specification > B. SAML Bearer Token Profile > > I am ambivalent about whether the working group takes on most of the > other work items. > > Responding to Eran's comments on SWD versus host-meta, these specs have > significantly different goals and use substantially different mechanisms with > different privacy characteristics. Also, if you compare the relative > complexity > of the example at http://tools.ietf.org/html/draft-hammer-hostmeta- > 17#appendix-A versus the example at http://tools.ietf.org/html/draft-jones- > simple-web-discovery-01#section-1, you can see why SWD was chosen for > use in OpenID Connect to discover OAuth authorization and resource server > endpoints. > > -- Mike > > -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Hannes Tschofenig > Sent: Wednesday, October 19, 2011 10:09 PM > To: OAuth WG > Subject: [OAUTH-WG] Rechartering > > Hi all, > > in preparation of the upcoming IETF meeting Barry and I would like to start a > re-chartering discussion. We both are currently attending the Internet > Identity Workshop and so we had the chance to solicit input from the > participants. This should serve as a discussion starter. > > Potential future OAuth charter items (in random order): > > ---------------- > > 1) Dynamic Client Registration Protocol > > Available document: > http://datatracker.ietf.org/doc/draft-hardjono-oauth-dynreg/ > > 2) Token Revocation > > Available document: > http://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/ > > 3) UMA > > Available document: > http://datatracker.ietf.org/doc/draft-hardjono-oauth-umacore/ > > 4) Client Instance Extension > > Available document: > http://tools.ietf.org/id/draft-richer-oauth-instance-00.txt > > 5) XML Encoding > > Available document: > http://tools.ietf.org/id/draft-richer-oauth-xml-00.txt > > 6) JSON Web Token > > Available document: > http://tools.ietf.org/html/draft-jones-json-web-token-05 > > 7) JSON Web Token (JWT) Bearer Profile > > Available document: > http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-00 > > 8) User Experience Extension > > Available document: > http://tools.ietf.org/html/draft-recordon-oauth-v2-ux-00 > > 9) Request by Reference > > Available document: > http://tools.ietf.org/html/draft-sakimura-oauth-requrl-00 > > 10) Simple Web Discovery > > Available document: > http://tools.ietf.org/html/draft-jones-simple-web-discovery-00 > > ---------------- > > We have the following questions: > > a) Are you interested in any of the above-listed items? (as a reviewer, co- > author, implementer, or someone who would like to deploy). It is also useful > to know if you think that we shouldn't work on a specific item. > > b) Are there other items you would like to see the group working on? > > Note: In case your document is expired please re-submit it. > > Ciao > Hannes & Barry > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
