Is it correct to say that the IPR in question touched the portion of Bearer
that deals with allowing the token in the URL, and that tokens in the Auth
header and tokens in POST body?
If so, then for me this issue is another reason not to use tokens in the URL,
which I would already recommend against for several reasons. We would not use
this in our own implementations.
-bill
>________________________________
> From: Sam Hartman <hartmans-i...@mit.edu>
>To: Michael Thomas <m...@mtcc.com>
>Cc: "oauth@ietf.org WG" <oauth@ietf.org>
>Sent: Wednesday, May 9, 2012 2:45 PM
>Subject: Re: [OAUTH-WG] IPR on OAuth bearer
>
>So, here are statements that you could make as part of this discussion
>that would be entirely in scope:
>
>1) I've read the IPR. Prior to this disclosure I was interested in
>developing|deploying|shipping an implementation of this
>specification. Now I am not.
>
>2) I think you could go so far as to say. Based on this IPR I would no
>longer feel comfortable making an open-source implementation of this
>spec available.
>
>3) Or on the other side: I've reviewed this new IPR and I believe I
>could implement|ship|deploy|whatever this specification.
>
>Or if you don't like giving out as much information as 1-3:
>
>4) I've reviewed the new IPr and I recommend that we not advance this
>standard
>
>5) I've reviewed the IPR and I do recommend we advance.
>
>Obviously, people may weigh statements of the form 1-3 with more value
>than 4-5. However it's really hard to get many organizations to say
>something in the 1-3 range.
>
>Other valid things to say in such a context include:
>
>6) We've successfully obtained any licenses we believe that we need in
>order to implement this specification given the IPR.
>
>7) We attempted to obtain the licenses we needed in order to implement
>given this IPR but were unsuccessful.
>
>believe all the above statements are acceptable. In particular, none of
>them comment on the validity of the IPR nor give legal advice about
>stuff.
>
>I believe you could even go so far as to say something like I believe
>that an open-source implementation of this technology is|is not
>important to whether we should standardize it. I believe we've come very
>close to that in the past.
>_______________________________________________
>OAuth mailing list
>OAuth@ietf.org
>https://www.ietf.org/mailman/listinfo/oauth
>
>
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
