> Unless I hear a “no” from Mark, the chairs, or Stephen I’ll plan to publish -15 over the weekend. (Or if I hear a “yes”, I’ll do so right away. :-)
In general, I always prefer that people have the latest text to review and comment on, and when there are significant updates to distribute, a new version is a good thing. Versions are cheap, so we should publish them often. So, that's a yes.

There's also something else I want to say: I consider Mark's comments to be significant and important, and I don't consider them to have been adequately addressed. He's brought up concerns that the working group had not previously thought about, and which are real problems in how communication with web services works, with respect to bearer tokens.

Let me point out that "this represents working-group consensus" is not always a valid response. If the working group has actually considered the *issue*, that might be OK. But if there's consensus for the chosen solution and someone brings up a *new* issue with it, that issue needs to be addressed anew.

Suppose the working group looks at a particular question and decides on solution X. Suppose there's not really even any argument, but unanimous agreement that X is the simplest approach, and everyone strongly supports X. So that goes into the document.

Then someone reviews it and says, "Solution X has a very nasty failure mode in situation Q, and that makes it extremely problematic for this usage. You really need to do Y or Z in order for it to work safely."

Saying that X represents working-group consensus doesn't fly here. It does, but the working group never thought about the situation-Q failure condition, and now has to address things in that light. The answer *after* that might be "Consensus is that Q will never arise in our usage, so X remains viable, and is the best solution for us," and that's OK. But the discussion and the consideration of alternatives that don't have the cited problem needs to happen.

As Mark points out, he does not have the standing to block the publication of anything; he has just brought up issues that he sees with the document as it stands. But the chairs, the responsible AD, and, ultimately, the rest of the IESG can block publication if substantive issues have not been addressed, and we think that the unresolved problems could be bad for the Internet. The working group needs to make sure that it's clear how those substantive issues have been addressed, or why they don't matter.

Barry, as chair

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth