To be clear, I think signatures are important, and I think that standardizing them would be really useful. One of the early complaints about OAuth 1.0 was that the signature mechanism was different than the OpenID mechanism. Having a standard signature mechanism in this space seems like a good thing. Having a signature mechanism be an optional part of the OAuth spec makes them less appealing to others.
I also think that standard tokens are really useful, and that they would be useful in other places besides OAuth, which is why they are in a different spec. On 2010-09-25, at 7:54 AM, Eran Hammer-Lahav wrote: > My logic is that your suggested organization is based on your personal > preferences and what you consider core. If I applied my personal preference, > half of core would be elsewhere. My point is that deciding signatures is the > part belonging elsewhere is completely subjective to how important one think > it is. > > EHL > > > On 9/24/10 10:43 PM, "Dick Hardt" <dick.ha...@gmail.com> wrote: > > I don't follow your logic ... or perhaps I don't see why the spec needs to be > written in more than two parts. > > For example, the current spec does not specify the format of the token -- > which keeps it simpler and straight forward. There are separate draft specs > for standardizing the token. Similarly, I think the spec could be written to > not include signatures, and put signatures into a different, reusable spec. > If you would like help with that organization, I'll volunteer. :) > > -- Dick > > On 2010-09-24, at 7:24 PM, Eran Hammer-Lahav wrote: > > I’m happy to do that. But I will be breaking the spec into more than two > parts. Basically, I will be creating a version that does not force anyone to > read anything they might not care about. Clearly, we shouldn’t based > editorial decisions on what you want to read :-) > > EHL > > > On 9/24/10 5:21 PM, "Dick Hardt" <dick.ha...@gmail.com > <x-msg://14/dick.ha...@gmail.com> > wrote: > > -1 in core > > +1 to being referenced in core and being a separate document > > On 2010-09-23, at 6:43 PM, Eran Hammer-Lahav wrote: > > > Since much of this recent debate was done off list, I'd like to ask people > > to simply express their support or objection to including a basic signature > > feature in the core spec, in line with the 1.0a signature approach. > > > > This is not a vote, just taking the temperature of the group. > > > > EHL > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org <x-msg://14/OAuth@ietf.org> > > https://www.ietf.org/mailman/listinfo/oauth > > > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth