This work had many issues in the OpenID WG where it failed why should this be a WG item here ? The does meet the requirements for experimental, there is a fine line between informational and experimental, I would be OK with either but prefer experimental, I don’t think that this should become a standard.
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of John Bradley Sent: Wednesday, January 20, 2016 12:11 PM To: Nat Sakimura <sakim...@gmail.com> Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Call for adoption: OAuth 2.0 for Native Apps PS as you probably suspected I am in favour of moving this forward. On Jan 20, 2016, at 5:08 PM, Nat Sakimura <sakim...@gmail.com<mailto:sakim...@gmail.com>> wrote: +1 for moving this forward. 2016年1月21日木曜日、John Bradley<ve7...@ve7jtb.com<mailto:ve7...@ve7jtb.com>>さんは書きました: Yes more is needed. It was theoretical at that point. Now we have implementation experience. On Jan 20, 2016, at 3:38 PM, Brian Campbell <bcampb...@pingidentity.com<javascript:_e(%7B%7D,'cvml','bcampb...@pingidentity.com');>> wrote: There is https://tools.ietf.org/html/draft-wdenniss-oauth-native-apps-00#appendix-A<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftools.ietf.org%2fhtml%2fdraft-wdenniss-oauth-native-apps-00%23appendix-A&data=01%7c01%7ctonynad%40microsoft.com%7cfd93a3d44152476b186e08d321d5d579%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=JWJmgLNPYe96GHUu67JZ1xdUN3T3c7kDNLQc8wniaDQ%3d> which has some mention of SFSafariViewController and Chrome Custom Tabs. Maybe more is needed? On Wed, Jan 20, 2016 at 10:45 AM, John Bradley <ve7...@ve7jtb.com<javascript:_e(%7B%7D,'cvml','ve7...@ve7jtb.com');>> wrote: Yes, in July we recommended using the system browser rather than WebViews. About that time Apple announced Safari view controller and Google Chrome custom tabs. The code in the OS is now stable and we have done a fair amount of testing. The OIDF will shortly be publishing reference libraries for iOS and Android to how how to best use View Controllers, and PKCE in native apps on those platforms. We do need to update this doc to reflect what we have learned in the last 6 months. One problem we do still have is not having someone with Win 10 mobile experience to help document the best practices for that platform. I don’t understand that platform well enough yet to include anything. John B. On Jan 20, 2016, at 12:40 PM, Aaron Parecki <aa...@parecki.com<javascript:_e(%7B%7D,'cvml','aa...@parecki.com');>> wrote: The section on embedded web views doesn't mention the new iOS 9 SFSafariViewController which allows apps to display a system browser within the application. The new API doesn't give the calling application access to anything inside the browser, so it is acceptable for using with OAuth flows. I think it's important to mention this new capability for apps to leverage since it leads to a better user experience. I'm sure that can be addressed in the coming months if this document is just the starting point. I definitely agree that a document about native apps is necessary since the core leaves a lot of guessing room for an implementation. For reference, https://developer.apple.com/library/prerelease/ios/releasenotes/General/WhatsNewIniOS/Articles/iOS9.html#//apple_ref/doc/uid/TP40016198-DontLinkElementID_26<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fdeveloper.apple.com%2flibrary%2fprerelease%2fios%2freleasenotes%2fGeneral%2fWhatsNewIniOS%2fArticles%2fiOS9.html%23%2f%2fapple_ref%2fdoc%2fuid%2fTP40016198-DontLinkElementID_26&data=01%7c01%7ctonynad%40microsoft.com%7cfd93a3d44152476b186e08d321d5d579%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=hQ6JGBJjX%2fwm36N6MpGeXbNQzwJaf6G6eyGxRVQH4ZA%3d> And see the attached screenshot for an example of what it looks like. <embedded-oauth-view.png> ---- Aaron Parecki aaronparecki.com<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2faaronparecki.com%2f&data=01%7c01%7ctonynad%40microsoft.com%7cfd93a3d44152476b186e08d321d5d579%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=S5aoD2X1pzBvy3qsEfPfyDCY0SQRqN7J6M%2fDLJz%2fUew%3d> @aaronpk<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2ftwitter.com%2faaronpk&data=01%7c01%7ctonynad%40microsoft.com%7cfd93a3d44152476b186e08d321d5d579%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=nEN2jz2zsIWlcJ%2bSWotUH8oLPFJ8ii4o49G0cEHYmQo%3d> On Tue, Jan 19, 2016 at 3:46 AM, Hannes Tschofenig <hannes.tschofe...@gmx.net<javascript:_e(%7B%7D,'cvml','hannes.tschofe...@gmx.net');>> wrote: Hi all, this is the call for adoption of OAuth 2.0 for Native Apps, see http://datatracker.ietf.org/doc/draft-wdenniss-oauth-native-apps/<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fdatatracker.ietf.org%2fdoc%2fdraft-wdenniss-oauth-native-apps%2f&data=01%7c01%7ctonynad%40microsoft.com%7cfd93a3d44152476b186e08d321d5d579%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=2cQwLQLkCiFWxIIav5TMZFe5VFE%2bXrc3OQq46q0D0U8%3d> Please let us know by Feb 2nd whether you accept / object to the adoption of this document as a starting point for work in the OAuth working group. Note: If you already stated your opinion at the IETF meeting in Yokohama then you don't need to re-state your opinion, if you want. The feedback at the Yokohama IETF meeting was the following: 16 persons for doing the work / 0 persons against / 2 persons need more info Ciao Hannes & Derek _______________________________________________ OAuth mailing list OAuth@ietf.org<javascript:_e(%7B%7D,'cvml','OAuth@ietf.org');> https://www.ietf.org/mailman/listinfo/oauth<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7ctonynad%40microsoft.com%7cfd93a3d44152476b186e08d321d5d579%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=m5%2f3yd6Jtwu0mVOejfZi1BQsYtBZ0WjfHTaC4g9GmK0%3d> _______________________________________________ OAuth mailing list OAuth@ietf.org<javascript:_e(%7B%7D,'cvml','OAuth@ietf.org');> https://www.ietf.org/mailman/listinfo/oauth<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7ctonynad%40microsoft.com%7cfd93a3d44152476b186e08d321d5d579%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=m5%2f3yd6Jtwu0mVOejfZi1BQsYtBZ0WjfHTaC4g9GmK0%3d> _______________________________________________ OAuth mailing list OAuth@ietf.org<javascript:_e(%7B%7D,'cvml','OAuth@ietf.org');> https://www.ietf.org/mailman/listinfo/oauth<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7ctonynad%40microsoft.com%7cfd93a3d44152476b186e08d321d5d579%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=m5%2f3yd6Jtwu0mVOejfZi1BQsYtBZ0WjfHTaC4g9GmK0%3d> -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fnat.sakimura.org%2f&data=01%7c01%7ctonynad%40microsoft.com%7cfd93a3d44152476b186e08d321d5d579%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=LKjUffXFJjc4HJqcwkgWINQK65ASdL29nfenSiJspjA%3d> @_nat_en
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
