On 15 March 2012 17:31, Zeltsan, Zachary (Zachary) <zachary.zelt...@alcatel-lucent.com> wrote: > ... Considering OpenID Connect as a motivating use case for OAuth, SWD is > the one spec that would then be missing for this OAuth use case.
I worry that bringing OpenID Connect into OAuth (rather than building upon OAuth) will have detrimental effects for both efforts. OAuth is successful in part because we chose not to push OAuth-like functionality into the OpenID umbrella (which at the time was focused on shipping OpenID 2.0). It seems prudent to learn from the experience of WS-*, where everything was combined into one huge ball of standards-wax. The result was both impenetrable and not fit for purpose due to the many interdependencies (both social and technical) involved. Composition has served the IETF and the internet well, and nothing prevents the OpenID standards from being created in the context of a new working group, or from within the OpenID foundation. Indeed, it's been working quite well, and projects like the Account Chooser are showing great promise and focusing on the important things (UX) rather than specifications-for-specification's sake. b. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
