> -----Original Message----- > From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] > Sent: Tuesday, August 03, 2010 8:25 AM > To: Eran Hammer-Lahav > Cc: OAuth WG (oauth@ietf.org) > Subject: Re: [OAUTH-WG] Extensibility: new endpoints > > > > > The main problem is lack of authors/editors to put the work in, not lack of > ideas. I still hope to get the discovery spec finished in the same timeframe, > but have no plans to author or edit any other draft. > > Just to get this clear. Do you plan to author the discovery spec? And what is > the core spec's timeframe?
I have started to write the discovery spec, but work on the core spec has taken most of my free time to do this (OAuth is not part of my day job). I have no idea what's the timeframe for the core spec. This groups isn't very good at providing timely feedback and staying focused. So far no one has offered to work on the security consideration section (Brian's draft is too far from the format I need to incorporate). I am planning the next draft for early September which will include the few changes raised on the list, but will focus on finding a middle ground between detailed profiles and a generic architecture (editorial work). EHL > >> What about the following topics? > >> - security considerations > > > > That's part of core and someone has to write it. I'd like to see someone > take the security section from RFC 5849 and rework it to match 2.0, as well as > add everything that is missing. I will incorporate it and take care of the > editorial work but I am not writing it from scratch. > > > >> - token revocation (requested by several attendees during Maastricht > >> WG meeting) > > > > Someone needs to write a proposal and work to get WG consensus (to the > point where enough people say they like it and no one is objecting). Get it > there, I'll do the rest. Feel free to ask the chairs to help out. > > > >> - signatures > > > > I think Nat offered to take a stab at a first draft based on Dirk's work and > the WG discussions. I have offered to help with editorial work if requested. > > > > EHL > > > >> regards, > >> Torsten. > >> > >> > >> Am 02.08.2010 um 22:33 schrieb Eran Hammer-Lahav > >> <e...@hueniverse.com>: > >> General discussions on the list and during the interim meeting. > >> > >> EHL > >> > >> > >> -----Original Message----- > >> From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] > >> Sent: Monday, August 02, 2010 1:20 PM > >> To: Eran Hammer-Lahav > >> Cc: OAuth WG (oauth@ietf.org) > >> Subject: Re: [OAUTH-WG] Extensibility: new endpoints > >> > >> What consensus do you refer to? The WG charter? > >> > >> regards, > >> Torsten. > >> > >> Am 02.08.2010 22:18, schrieb Eran Hammer-Lahav: > >> No according to WG consensus. We took it all out because too many > >> people considered it experimental, so while it may be a WG item, it > >> is not part of the core spes. > >> > >> EHL > >> > >> > >> -----Original Message----- > >> From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] > >> Sent: Monday, August 02, 2010 1:07 PM > >> To: Eran Hammer-Lahav > >> Cc: OAuth WG (oauth@ietf.org) > >> Subject: Re: [OAUTH-WG] Extensibility: new endpoints > >> > >> and discovery does not belong into the core? > >> > >> regards, > >> Torsten. > >> > >> Am 02.08.2010 22:05, schrieb Eran Hammer-Lahav: > >> > >> This doesn't belong in core. A registry is used to avoid name > >> collisions, not > >> > >> to provide an inventory. > >> > >> Maybe in discovery. > >> > >> EHL > >> > >> > >> > >> -----Original Message----- > >> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On > >> Behalf Of Torsten Lodderstedt > >> Sent: Monday, August 02, 2010 12:54 PM > >> To: OAuth WG (oauth@ietf.org) > >> Subject: [OAUTH-WG] Extensibility: new endpoints > >> > >> the existing authorization server endpoints (end-user authorization > >> and tokens endpoint) have a relatively clearly semantics and scope. > >> Adding distinct new functions to an authorization server will (in my > >> opionion) require the definition of new endpoints. For example, I'm > >> working on an I-D for token revocation. Such a function does not fit > >> into the tokens endpoint since it has become a "token issuance > >> endpoint" rather than a general purpose client2server endpoint. > >> > >> I therefore would propose to include the option to define and > >> register new endpoints into the Extensibility section of the spec. > >> This would also facilitate the incorporation of additional endpoints > >> (with well- defined names) into OAuth discovery. > >> > >> Any thoughts? > >> > >> regards, > >> Torsten. > >> > >> > >> _______________________________________________ > >> OAuth mailing list > >> OAuth@ietf.org > >> https://www.ietf.org/mailman/listinfo/oauth > >> > >> > >> > > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
