Chairs, I'd like to request some time to present the Software Statement and Client Association drafts as part of the overall Client registration discussion. The method Tony and I have proposed reflects a pattern (token swap using the 4.5 extension) that is actually in wide use today.
I would also like to hear more about John Bradley and Justin Richer's new http://www.ietf.org/internet-drafts/draft-bradley-stateless-oauth-client-00.txt draft. There is also yet another method of handling "association" (by using a split client with a server side client component holding client creds) that Dick Hardt talked about at IIW. If Dick is unable to attend, I would be happy to try to do justice to his idea. If we have time, it may be worthwhile discussing authentication draft that Tony and I submitted in Berlin. In particular, now that OIDC is finalizing, we should discuss whether it is better to align the user authen for clients draft 100% with OIDC or whether to keep it in a different direction. As it stands now, the draft is only partially aligned. I recognize this draft is NOT within the current charter, however if the group wants to discuss it (because it is timely), I am willing to put something together. Nat's TSCE draft also falls into the category of non-charter items. I think this is potentially an important extension or an errata to the current draft and is also a worthwhile new business item. Finally, I'm not sure who might be able to lead this (Tim?), but there was some interesting views expressed by Google staffers at this weeks IIW in Mountain View that seem to indicate that the need for client credentials in mobile apps may not need to be as strong as we thought or needed at all. This has interesting implications for the registration drafts we are discussing. Phil @independentid www.independentid.com phil.h...@oracle.com
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
