Hi Mike

I like where you are going with this, but what do we mean when we say OAuth
2.0? Is it RFC 6749? What is the OAuth 2.0 set of protocols?

OAuth 2.1 includes features that are not in RFC 6749, so it is not a subset
of that specification.

On Sun, Mar 15, 2020 at 2:34 PM Mike Jones <michael.jo...@microsoft.com>
wrote:

> The abstract of draft-parecki-oauth-v2-1 concludes with this text:
>
>    This specification replaces and obsoletes the OAuth 2.0 Authorization
> Framework described in RFC 6749 <https://tools.ietf.org/html/rfc6749>.
>
>
>
> While accurate, I don’t believe that this text captures the full intent of
> the OAuth 2.1 effort – specifically, to be a recommended subset of OAuth
> 2.0, rather than to introduce incompatible changes to it.  Therefore, I
> request that these sentences be added to the abstract, to eliminate
> confusion in the marketplace that might otherwise arise:
>
>
>
>     OAuth 2.1 is a compatible subset of OAuth 2.0, removing features that
> are not currently considered to be best practices.  By design, it does not
> introduce any new features to what already exists in the OAuth 2.0 set of
> protocols.
>
>
>
> Thanks,
>
> -- Mike
>
>
>
> P.S.  I assert that any incompatible changes should be proposed as part of
> the TxAuth effort and not as part of OAuth 2.1.
>
>
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
