I’ve submitted my draft of XYZ as an ID: https://tools.ietf.org/html/draft-richer-transactional-authz-00
— Justin

On May 6, 2019, at 3:43 PM, Justin Richer <jric...@mit.edu> wrote:

In a vein related to Torsten’s recent thread and blog post, I’ve also been working on a proposal around Transactional OAuth. As many of you know, I wrote a blog post about the basic idea last fall, and now I’ve got something a bit more concrete online that people can poke around with. I’m calling it “XYZ” just to give it a name, and it’s online here:

https://oauth.xyz/

I need to be very clear: This is not wire-compatible with OAuth2, but is instead a transactional (intent-pattern) protocol that implements a lot of the core concepts and a few new ones in a different framework. There have been a lot of attempts to extend and adapt OAuth in the last few years, and in my opinion that’s gotten us painted into a bit of a corner as we keep trying to solve new problems. By breaking away from backwards compatibility, I found that I was able to both simplify a lot of the concepts, make different actions more consistent, and make it more widely flexible.

Also to note, I’ve read through Torsten’s draft, and I think that his ideas of what’s in a “Structured Scope” could be a replacement for the hand-waving idea I have in the “resources” section of XYZ.

I’m continuing development of this protocol, including a couple toy implementations, all of them open source. I have started a writeup in spec-language, and I plan to have it cleaned up and submitted prior to Montreal — where I’ll be attending in person and hope to discuss this as a potential WG item.

— Justin

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth