Those interested in helping edit the text directly can follow along on this GitHub fork:
https://github.com/jricher/oauth.net/tree/authentication Once a reasonable number of eyes have seen that page, we'll get it published onto oauth.net. Aaron Parecki has offered to add a "Draft" banner to the article page, inviting comments and edits via GitHub. -- Justin On Oct 16, 2014, at 12:54 PM, Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote: > Participants: > > * Brian Campbell > * John Bradley > * Derek Atkins > * Phil Hunt > * William Kim > * Josh Mandel > * Hannes Tschofenig > > > Notes: > > Justin distributed a draft writeup and explained the reasoning behind > it. The intended purpose is to put the write-up (after enough review) on > oauth.net. See attachments. Justin solicited feedback from the > conference call participants and from the working group. > > One discussion item was specifically related to the concept of audience > restrictions, which comes in two flavours: (a) restriction of the access > token regarding the resource server and (b) restriction of the id token > regarding the client. Obviously, it is necessary to have both of these > audience restrictions in place and to actually check them. > > The group then went into a discussion about the use of pseudonyms in > authentication and the problems deployments ran into when they used > pseudonyms together with a wide range of attributes that identified > users nevertheless. Phil suggested to produce a write-up about this topic. > > Finally, the group started a discussion about potential actions for the > OAuth working groups. Two activities were mentioned, namely to produce > an IETF draft of the write-up Justin has prepared as a "formal" response > to the problems with authentication using OAuth and, as a second topic, > potential re-chartering of the OAuth working group to work on some > solutions in this area. Hannes suggested to postpone these discussions > and to first finish the write-up Justin had distributed. > > Ciao > Hannes & Derek > <Authentication with OAuth 2.doc><Authentication with OAuth > 2.html><Authentication with OAuth > 2.pdf>_______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
