-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Some news from IETF 75...
- -------- Original Message --------
Subject: [OAUTH-WG] Breakfast BoF minutes
Date: Wed, 29 Jul 2009 08:50:02 +0200
From: Peter Saint-Andre <stpe...@stpeter.im>
To: oa...@ietf.org <oa...@ietf.org>
We just finished an OAuth breakfast Bof at IETF 75. Here are the topics
we discussed, in no particular order. Various folks at the meeting
volunteered to start separate threads about some of these.
1. OAuth for delegation. Currently the spec addresses only single-layer
delegation ("three-legged") and is silent about multi-layer delegation.
If we don't define this in a standard way, different people will find
different, non-standard ways to do it. We need to gather use cases and
work on specifying it.
2. Non-WWW use cases. Let's gather these (shared calendaring, XMPP
chatroom ownership, exchange of app-level blobs, etc.).
3. OAuth for authentication. In this case, OAuth could be used to
replace DIGEST for authn. It's possible that SCRAM could be used as a
signing method. The group also talked about defining various related
SASL mechanisms (SAML, OpenID, OAuth).
4. Channel bindings. There are similarities here to HTTPS/DIGEST (Leif
Johansson mentioned an expired I-D about this and volunteered to post to
the list).
5. Attribute extensions. Could we use OAuth for transporting existing
SAML formats?
6. Split off the header signing aspects of OAuth, or at least call that
out more clearly in the spec? Someone at the BoF likened this to "DKIM
for the Web".
7. The spec is not designed to be profiled and extended. Is this OK?
8. Do callbacks need to be forward-ported to the I-D?
9. Discussion redirects. Currently most folks still take their items to
the googlegroups list. That's fine, but going forward we would like to
use the WG list for topics related to the core specifications.
If you were at the BoF and see errors in what I've reported, please post
in reply.
Thanks!
Peter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkpwD90ACgkQNL8k5A2w/vxD7wCgyweZFXLPvVrrIH61g3JpNUa1
VdUAnRG52UQleYkEFP9Q2FGRTrCRkN2j
=+lAc
-----END PGP SIGNATURE-----
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to oauth@googlegroups.com
To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---
