On the security aspect: I will write a short text for the OAuth draft because the longer writeup by Torsten/Mar/Phil is targeting a different scope. So, you cannot just copy it.

On Mar 27, 2011, at 12:36 AM, Eran Hammer-Lahav wrote:

> The security consideration section pending, this is the last open issue I
> have to close as editor before the document is ready to leave the working
> group. While this is silly business for many, it is very important to others,
> so bear with me. I want to make sure we give everyone the proper recognition
> they deserve.
>
> - Authors
>
> The document currently lists 1 editor (Eran Hammer-Lahav) and 2 authors
> (David Recordon, Dick Hardt). The three names were originally selected to
> reflect the compromise edited by David, combining the two documents (OAuth 1.0
> RFC and WRAP I-D) edited by Dick and me. I am about to include a large chunk
> of work written by Torsten Lodderstedt, Mark McGloin, and Phil Hunt.
>
> This raises the question of who should receive top billing. These are the
> options I came up with (listed without any preference):
>
> - Leave the three names as in -13.
> - Add the three additional names and obtain a special exception from the
>   IESG/AD (?) for listing more than 5 names (RFC rules).
> - List only the editor (IETF norm).
> - Some other criteria to show a different subset of names.
>
> Any of the above can be combined with moving the Contributors section to the
> front (before the introduction) to give higher visibility to the
> contributors. I honestly have no preference and given that my name is listed
> as editor in the 3 alternatives, I will refrain from expressing an opinion.
>
>
> - Contributors
>
> The following is the new Contributors appendix:
>
> Appendix A. Contributors
>
>    This specification is the work of the OAuth Working Group which
>    includes dozens of active and dedicated participants. In particular,
>    the following individuals contributed ideas, feedback, and wording
>    which shaped and formed the final specification:
>
>    Michael Adams, Andrew Arnott, Dirk Balfanz, Blaine Cook, Brian
>    Campbell, Leah Culver, Bill de hOra, Brian Eaton, Brian Ellin, Igor
>    Faynberg, George Fletcher, Tim Freeman, Evan Gilbert, Yaron Goland,
>    Brent Goldman, Kristoffer Gronowski, Justin Hart, Craig Heath, Phil
>    Hunt, Michael B. Jones, John Kemp, Mark Kent, Raffi Krikorian, Chasen
>    Le Hara, Rasmus Lerdorf, Torsten Lodderstedt, Hui-Lan Lu, Paul
>    Madsen, Alastair Mair, Eve Maler, James Manger, Laurence Miao, Chuck
>    Mortimore, Justin Richer, Peter Saint-Andre, Nat Sakimura, Rob Sayre,
>    Marius Scurtescu, Naitik Shah, Luke Shepard, Justin Smith, Jeremy
>    Suriel, Christian Stuebner, Paul Tarjan, Allen Tom, Franklin Tse,
>    Nick Walker, Skylar Woodward.
>
>    The initial OAuth 2.0 protocol specification was edited by David
>    Recordon, based on two previous publications: the OAuth 1.0 community
>    specification [RFC5849], and OAuth WRAP (OAuth Web Resource
>    Authorization Profiles) [I-D.draft-hardt-oauth-01].
>
>    The OAuth 1.0 community specification was edited by Eran Hammer-Lahav
>    and authored by Mark Atwood, Dirk Balfanz, Darren Bounds, Richard M.
>    Conlan, Blaine Cook, Leah Culver, Breno de Medeiros, Brian Eaton,
>    Kellan Elliott-McCrea, Larry Halff, Eran Hammer-Lahav, Ben Laurie,
>    Chris Messina, John Panzer, Sam Quigley, David Recordon, Eran
>    Sandler, Jonathan Sergent, Todd Sieling, Brian Slesinsky, and Andy
>    Smith.
>
>    The OAuth WRAP specification was edited by Dick Hardt and authored by
>    Brian Eaton, Yaron Goland, Dick Hardt, and Allen Tom.
>
> The list of names was directly derived from my issues list from the past
> year. During every document edit I kept track of the person providing the
> feedback which resulted in a change. This means that those participating in
> discussions but who did not directly have any impact on the document are not
> named. This is the only reasonable criteria I was able to come up with.
>
> An alternative is to list anyone who posted anything to the mailing list
> since the work began or to keep the list as-is and let the chairs hand-pick
> any additional names they believe are justified. I don’t have strong views,
> as long as the list is fair.
>
>
> - Acknowledgement
>
> This section will start with ‘The editor wishes to thank…’ and is at my
> discretion.
>
> EHL
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth