A draft to put the ideas together: https://www.ietf.org/archive/id/draft-hallambaker-any-00.html
I am working on a second document describing the @nywhere profile of OAuth as it currently stands. While this meets the (current) needs of BlueSky, it does not currently meet the needs of the ubiquitous authentication, communication and device configuration scheme I am building. I have ideas for how to modify the spec to get to where I think it should go. In particular, there needs to be a mechanism that allows the user to take full control of their DID and delegate the ability to sign posts under it rather than the root of trust being a private key controlled by the social media provider. So no, this is not finished as a standards proposal but the amount of work required may not be limited to defining a profile.
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
