The abstract of draft-parecki-oauth-v2-1 concludes with this text:

    This specification replaces and obsoletes the OAuth 2.0 Authorization Framework described in RFC 6749 <https://tools.ietf.org/html/rfc6749>.

While accurate, I don't believe that this text captures the full intent of the OAuth 2.1 effort - specifically, to be a recommended subset of OAuth 2.0, rather than to introduce incompatible changes to it. Therefore, I request that these sentences be added to the abstract, to eliminate confusion in the marketplace that might otherwise arise:

    OAuth 2.1 is a compatible subset of OAuth 2.0, removing features that are not currently considered to be best practices. By design, it does not introduce any new features to what already exists in the OAuth 2.0 set of protocols.

Thanks,
-- Mike

P.S. I assert that any incompatible changes should be proposed as part of the TxAuth effort and not as part of OAuth 2.1.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth