On Feb 20, 2018, at 08:43, Hannes Tschofenig <hannes.tschofe...@arm.com> wrote: > > IMHO the biggest problem with "onboarding" is that people create new terms > without specifying what they actually mean and thereby fail to see the > relationship with existing work.
Right. I have no idea what client registration has to do with “onboarding”, but I use that term for the initial integration of a device into a network only. I continue to believe that we need a clear understanding of what information is exchanged during client registration that is relevant to the ACE OAuth. There definitely will also be other information (“business logic”, and you can call the exchange of that part of the registration info “onboarding” if you like), and that is where the vendor differentiation can set in, but we should have no trouble defining the ACE content of client registration. If we don’t define that ACE content, there is no way to know whether ACE OAuth is secure. Defining the ACE content of the client registration as a set of data structures also helps with achieving actual interoperability, even if additional business logic is required in a specific case. Grüße, Carsten _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace