Because it's intended for (and used for) discovery of OAuth endpoints... -----Original Message----- From: Eran Hammer-Lahav [mailto:e...@hueniverse.com] Sent: Thursday, October 20, 2011 12:42 PM To: Mike Jones; Hannes Tschofenig; OAuth WG Subject: RE: [OAUTH-WG] Rechartering
What possible rational is there for SWD to belong in the OAuth working group and in the security area? EHL > -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Mike Jones > Sent: Thursday, October 20, 2011 12:12 PM > To: Hannes Tschofenig; OAuth WG > Subject: Re: [OAUTH-WG] Rechartering > > Thanks, Hannes. Here's my prioritized list of new work: > > 1. JSON Web Token (JWT) > 2. Simple Web Discovery (SWD) > 3. JSON Web Token (JWT) Bearer Token Profile 4. Token Revocation > > My prioritized list of existing work items to complete after the core > and bearer specs are: > > A. Assertions Specification > B. SAML Bearer Token Profile > > I am ambivalent about whether the working group takes on most of the > other work items. > > Responding to Eran's comments on SWD versus host-meta, these specs > have significantly different goals and use substantially different > mechanisms with different privacy characteristics. Also, if you > compare the relative complexity of the example at > http://tools.ietf.org/html/draft-hammer-hostmeta- > 17#appendix-A versus the example at > http://tools.ietf.org/html/draft-jones- > simple-web-discovery-01#section-1, you can see why SWD was chosen for > use in OpenID Connect to discover OAuth authorization and resource > server endpoints. > > -- Mike > > -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Hannes Tschofenig > Sent: Wednesday, October 19, 2011 10:09 PM > To: OAuth WG > Subject: [OAUTH-WG] Rechartering > > Hi all, > > in preparation of the upcoming IETF meeting Barry and I would like to > start a re-chartering discussion. We both are currently attending the > Internet Identity Workshop and so we had the chance to solicit input > from the participants. This should serve as a discussion starter. > > Potential future OAuth charter items (in random order): > > ---------------- > > 1) Dynamic Client Registration Protocol > > Available document: > http://datatracker.ietf.org/doc/draft-hardjono-oauth-dynreg/ > > 2) Token Revocation > > Available document: > http://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/ > > 3) UMA > > Available document: > http://datatracker.ietf.org/doc/draft-hardjono-oauth-umacore/ > > 4) Client Instance Extension > > Available document: > http://tools.ietf.org/id/draft-richer-oauth-instance-00.txt > > 5) XML Encoding > > Available document: > http://tools.ietf.org/id/draft-richer-oauth-xml-00.txt > > 6) JSON Web Token > > Available document: > http://tools.ietf.org/html/draft-jones-json-web-token-05 > > 7) JSON Web Token (JWT) Bearer Profile > > Available document: > http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-00 > > 8) User Experience Extension > > Available document: > http://tools.ietf.org/html/draft-recordon-oauth-v2-ux-00 > > 9) Request by Reference > > Available document: > http://tools.ietf.org/html/draft-sakimura-oauth-requrl-00 > > 10) Simple Web Discovery > > Available document: > http://tools.ietf.org/html/draft-jones-simple-web-discovery-00 > > ---------------- > > We have the following questions: > > a) Are you interested in any of the above-listed items? (as a > reviewer, co- author, implementer, or someone who would like to > deploy). It is also useful to know if you think that we shouldn't work on a > specific item. > > b) Are there other items you would like to see the group working on? > > Note: In case your document is expired please re-submit it. > > Ciao > Hannes & Barry > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
