+1 Best regards, Don Donald F. Coffin Founder/CTO
REMI Networks 22751 El Prado Suite 6216 Rancho Santa Margarita, CA 92688-3836 Phone: (949) 636-8571 Email: donald.cof...@reminetworks.com -----Original Message----- From: Anil Saldhana [mailto:anil.saldh...@redhat.com] Sent: Friday, June 13, 2014 9:27 AM To: oauth@ietf.org Subject: Re: [OAUTH-WG] Question regarding draft-hunt-oauth-v2-user-a4c For me it boils down to this: OAuth deals with Authorization. Authentication needs to be outside its realm - whether it is OIDC, SAML or other protocols, it is fine. The security community has just muddled up things for end users, implementors and adopters. We need to start having clear cut separation in the standards. On 06/13/2014 11:24 AM, Prateek Mishra wrote: > Excellent, now you have put your finger on the precise issue with OIDC > - lots of optional extensions and shiny trinkets and lack of a clear > definition of a core subset for servers. > > I realize its exciting for consultants, software and toolkit vendors > to have that sort of optionality, but in practice, its NOT A GOOD > THING in a protocol. > > [quote] >> >>> It is a bit like saying an 18 wheeler is suitable for driving the >>> kids to school. :-) >> >> I don't think this is true. Most oidc oauth extensions are optional >> with the sole requirement that providers don't barf if you send them. >> > [\quote] > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth