Broadly agreeing with Dave here. The point of an IETF working group is not to do design, research or development. If you want to get the best spec possible there are much better forums. For example six people working together in a closed room.
The alpha and omega of standards work is to establish a support constituency for deployment. It is easy to develop a great spec, much harder to get people to adopt it. Measured by the standard of getting agreement to deploy the DIX protocol the BOF did not make much progress. That is the wrong measure to use. Protocols are a dime a dozen here. Measured against the standard of focusing attention on a particular set of use cases and the longstanding failure to get Internet wide single sign on to deploy the BOF was a considerable success. That is the hard part - getting people to believe that the area 1) is important enough to work on 2) is capable of being solved. With so many Identity 2.0 protocols on offer some form of requirements definition / bake off was inevitable. The winner of the bake off is going to be the protocol that demonstrates it best meets the proposal and requires the least new mechanism. There are some new use cases here that are not addressed in SAML. The dispute is whether an extension to address them within the SAML framework is or is not possible given that a possible requirement is 'do not use XML angle brackets'. The best way to win such bake offs is to align with an existing constituency that has a different deployment base, provided of course this can be done without unacceptable cost (i.e. a spec that looks like a dog's breakfast).
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
