There are various factors that play a role here, such as * where work first got proposed, * where the expertise is, * where the main audience is, * etc.
We will definitely talk to our AD but it is already a good start to hear whether there is interest in a specific item in general. If there is no interest then any other question goes away pretty quickly. Ciao Hannes On Oct 20, 2011, at 12:42 PM, Eran Hammer-Lahav wrote: > What possible rational is there for SWD to belong in the OAuth working group > and in the security area? > > EHL > >> -----Original Message----- >> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf >> Of Mike Jones >> Sent: Thursday, October 20, 2011 12:12 PM >> To: Hannes Tschofenig; OAuth WG >> Subject: Re: [OAUTH-WG] Rechartering >> >> Thanks, Hannes. Here's my prioritized list of new work: >> >> 1. JSON Web Token (JWT) >> 2. Simple Web Discovery (SWD) >> 3. JSON Web Token (JWT) Bearer Token Profile >> 4. Token Revocation >> >> My prioritized list of existing work items to complete after the core and >> bearer specs are: >> >> A. Assertions Specification >> B. SAML Bearer Token Profile >> >> I am ambivalent about whether the working group takes on most of the >> other work items. >> >> Responding to Eran's comments on SWD versus host-meta, these specs have >> significantly different goals and use substantially different mechanisms with >> different privacy characteristics. Also, if you compare the relative >> complexity >> of the example at http://tools.ietf.org/html/draft-hammer-hostmeta- >> 17#appendix-A versus the example at http://tools.ietf.org/html/draft-jones- >> simple-web-discovery-01#section-1, you can see why SWD was chosen for >> use in OpenID Connect to discover OAuth authorization and resource server >> endpoints. >> >> -- Mike >> >> -----Original Message----- >> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf >> Of Hannes Tschofenig >> Sent: Wednesday, October 19, 2011 10:09 PM >> To: OAuth WG >> Subject: [OAUTH-WG] Rechartering >> >> Hi all, >> >> in preparation of the upcoming IETF meeting Barry and I would like to start a >> re-chartering discussion. We both are currently attending the Internet >> Identity Workshop and so we had the chance to solicit input from the >> participants. This should serve as a discussion starter. >> >> Potential future OAuth charter items (in random order): >> >> ---------------- >> >> 1) Dynamic Client Registration Protocol >> >> Available document: >> http://datatracker.ietf.org/doc/draft-hardjono-oauth-dynreg/ >> >> 2) Token Revocation >> >> Available document: >> http://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/ >> >> 3) UMA >> >> Available document: >> http://datatracker.ietf.org/doc/draft-hardjono-oauth-umacore/ >> >> 4) Client Instance Extension >> >> Available document: >> http://tools.ietf.org/id/draft-richer-oauth-instance-00.txt >> >> 5) XML Encoding >> >> Available document: >> http://tools.ietf.org/id/draft-richer-oauth-xml-00.txt >> >> 6) JSON Web Token >> >> Available document: >> http://tools.ietf.org/html/draft-jones-json-web-token-05 >> >> 7) JSON Web Token (JWT) Bearer Profile >> >> Available document: >> http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-00 >> >> 8) User Experience Extension >> >> Available document: >> http://tools.ietf.org/html/draft-recordon-oauth-v2-ux-00 >> >> 9) Request by Reference >> >> Available document: >> http://tools.ietf.org/html/draft-sakimura-oauth-requrl-00 >> >> 10) Simple Web Discovery >> >> Available document: >> http://tools.ietf.org/html/draft-jones-simple-web-discovery-00 >> >> ---------------- >> >> We have the following questions: >> >> a) Are you interested in any of the above-listed items? (as a reviewer, co- >> author, implementer, or someone who would like to deploy). It is also useful >> to know if you think that we shouldn't work on a specific item. >> >> b) Are there other items you would like to see the group working on? >> >> Note: In case your document is expired please re-submit it. >> >> Ciao >> Hannes & Barry >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
