Hi all, The OAuth assertion document has received DISCUSSes as you can see from the data tracker at [1]. I've been chatting with the chairs and the ADs with those DISCUSSes in the last few days.
The main concern is that these documents do not sufficiently specify the functionality that is needed (MTI) in order to develop an interoperable implementation. This concern is, unfortunately, also applicable to the two assertion instance documents, the JWT (draft-ietf-oauth-jwt-bearer) and the SAML (draft-ietf-oauth-saml2-bearer) documents. I've therefore decided to send the assertion document back to the working group and to recommend to the group to resubmit them for publication once these blocking DISCUSSes have been addressed satisfactory. I think this will need some consideration of both the assertions framework and the saml/jwt drafts. (Probably submitting two or three of those at once makes better sense anyway.) To help resolve this we're planning to meet at lunch time on the Monday of the IETF just before the oauth session. The goal of that chat is to try to figure out what'll need doing to get these documents ready, so that that plan can be presented as a semi-worked out proposal at the oauth session later that day. I'd like to have the document editors/authors, chairs and discussing ADs there if possible. (I'll send details.) If someone else really needs to be there, let me know but I think starting with the smaller group will be more tractable. If everyone thinks we need to just work it out at the WG session that's fine and we can skip the lunchtime meeting, but I'd say we're likely to end up in the same place but take longer. However, if this can be sorted on the list beforehand that's much better of course, so please do try to do that starting now. (That is, let's not start by quibbling about process and lunchtime meetings but by discussing the DISCUSSes:-) Regards, Stephen. [1] http://datatracker.ietf.org/doc/draft-ietf-oauth-assertions/ballot/. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
