On Tue, Aug 2, 2011 at 2:22 AM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > I am going to drop both ‘bodyhash’ and ‘ext’, and instead add ‘app’. ‘app’ > allows you to include any data you want. ‘ext’ without an internal format > and register is just asking for trouble, and I have no intention of adding > that level of complexity. There are other proposals in the IETF for full > HTTP message signatures, and I’ll leave these more complex use cases to > them. > > If you can demonstrate actual need (with examples) of both ‘app’ and ‘ext’, > I’m willing to reconsider but you can clearly accomplish the same end result > with just one, application-specific parameter.
Just a word of process stuff, here: draft-ietf-oauth-v2-http-mac is a working group document, not an individual submission. That means that the working group decides what gets changed, and we need to see consensus to make a change like this. "I am going to", "I have no intention of", and "I'm willing to reconsider" aren't appropriate. It might be that making this change is the right thing to do, but so far we have no one voicing support for the change (Skylar responded favourably to the initial message, but no one's supported removing "ext" in favour of "app"). Let's have more discussion before any decisions are made. And, in general, for all documents, let's please have editors making suggestions, not pronouncements. Tone is important. Barry, as chair _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
