I would go with option A, option B introduces concepts/syntax that complicates the current Oauth model
-----Original Message----- From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig Sent: Friday, February 19, 2016 11:43 AM To: oauth@ietf.org Subject: [OAUTH-WG] Fixing the Authorization Server Mix-Up: Call for Adoption Early February I posted a mail to the list to make progress on the solution to the OAuth Authorization Server Mix-Up problem discovered late last year. Here is my mail about the Authorization Server Mix-Up: https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.ietf.org%2fmail-archive%2fweb%2foauth%2fcurrent%2fmsg15336.html&data=01%7c01%7ctonynad%40microsoft.com%7c9a5edea9bc704239059508d33964d07c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=DgIHvagw6YjaIFDFlxp4%2bhgQ7ivmV%2f2FuuuiDwVQRv8%3d Here is my mail to the list that tries to summarize the discussion status and asked a few questions: https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.ietf.org%2fmail-archive%2fweb%2foauth%2fcurrent%2fmsg15697.html&data=01%7c01%7ctonynad%40microsoft.com%7c9a5edea9bc704239059508d33964d07c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=1EvoWm%2b7K2BSdvTGCDxmzBkmeSo3Wm1GWamgtG6fcNk%3d Unfortunately, my mail didn't lead to the intended success. While there was some feedback I wasn't getting the desired response. In order to move forward I believe we need a working group document that serves as a starting point for further work in the group*. We have two documents that provide similar functionality in an attempt to solve the Authorization Server Mix-Up problem. So, here is the question for the group. Which document do you want as a starting point for work on this topic: -- Option A: 'OAuth 2.0 Mix-Up Mitigation' by Mike Jones and John Bradley Link: https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftools.ietf.org%2fhtml%2fdraft-jones-oauth-mix-up-mitigation-01&data=01%7c01%7ctonynad%40microsoft.com%7c9a5edea9bc704239059508d33964d07c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=l27GZP9%2bS5BgvlXxSsgJ2cZv66mFbRpdkREO5L%2bcjsQ%3d -- Option B: 'OAuth Response Metadata' by Nat Sakimura, Nov Matake and Sascha Preibisch Link: https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftools.ietf.org%2fhtml%2fdraft-sakimura-oauth-meta-07&data=01%7c01%7ctonynad%40microsoft.com%7c9a5edea9bc704239059508d33964d07c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=Bo6qJ%2b7JcAqfRCzAfD4D4oDCOF%2be29RFRLeyWtJP9lg%3d Deadline for feedback is March, 4th. Ciao Hannes & Derek PS: (*) Regardless of the selected solution we will provide proper acknowledgement for those who contributed to the work. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
