Yes, tone is important and I agree that this is a working group document and should follow process.
This draft has shown practically no interest from this working group (last count it was 3 people other than me). If there was no requirement from the AD to include this as part of the OAuth 2.0 "package", it would have stayed as an individual submission. Given that this is largely my work (to-date) and that the working group engagement is almost non-existent, moving forward is more likely going to come from me putting forward proposals in the document with [[ Pending Consensus ]] labels than from trying to get engagement. Unless the chairs are going to actively poke the group to engage (which I have seen no sign of), I'm not expecting much to change. At this point we have established the practice of suggesting text within the document itself as long as it is clearly marked and we have an open issue in the tracker. I'm going to follow that practice and make the proposed changes in order to move things along at a practical pace. I'll also adjust my tone to address any concerns. EHL > -----Original Message----- > From: barryleiba.mailing.li...@gmail.com > [mailto:barryleiba.mailing.li...@gmail.com] On Behalf Of Barry Leiba > Sent: Tuesday, August 02, 2011 5:28 PM > To: Eran Hammer-Lahav > Cc: Phil Hunt; William J. Mills; OAuth WG > Subject: Re: [OAUTH-WG] MAC Tokens body hash > > On Tue, Aug 2, 2011 at 2:22 AM, Eran Hammer-Lahav > <e...@hueniverse.com> wrote: > > I am going to drop both 'bodyhash' and 'ext', and instead add 'app'. 'app' > > allows you to include any data you want. 'ext' without an internal > > format and register is just asking for trouble, and I have no > > intention of adding that level of complexity. There are other > > proposals in the IETF for full HTTP message signatures, and I'll leave > > these more complex use cases to them. > > > > If you can demonstrate actual need (with examples) of both 'app' and > > 'ext', I'm willing to reconsider but you can clearly accomplish the > > same end result with just one, application-specific parameter. > > Just a word of process stuff, here: draft-ietf-oauth-v2-http-mac is a working > group document, not an individual submission. That means that the working > group decides what gets changed, and we need to see consensus to make a > change like this. "I am going to", "I have no intention of", and "I'm > willing to > reconsider" aren't appropriate. > > It might be that making this change is the right thing to do, but so far we > have > no one voicing support for the change (Skylar responded favourably to the > initial message, but no one's supported removing "ext" in favour of "app"). > Let's have more discussion before any decisions are made. And, in general, > for all documents, let's please have editors making suggestions, not > pronouncements. Tone is important. > > Barry, as chair _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
