> a) Instead of another "easy-to-read" specification document > of some kind, might be easier to write an OAuth Primer (similar to what > W3C does). The document can have a section on "Lessons learned from > implementations". Naturally all of these will get folded into the RFC.
The spec needs work and given the fact we are taking it into a new process, now is the time to clean it up. As always, the biggest challenge is lack of people willing/able to write. > b) You had mentioned lack of good open source libraries. I > agree that it is important to have good libraries. Which libraries do > need work ? Is there a list of tasks or some sort of pointers ? If we > have a Wiki page and a list of work to be done - even at a very high > granular level - then it will make it easier for folks to pitch-in as > time permits. I know this is very BA-centric but I would like to have a meetup to do some code reviews and make such issues lists. > c) BTW, moving to IETF is very good. A standard under a > well-accepted body like IETF makes it easier for corporations to adopt. > In the process, we also get visibility from the security community plus > a deliberate-systemic approach for growth. Not moving, branching out. EHL --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---