[OAUTH-WG] Call for Consensus (Deadline: April 22)

This is a call for consensus on accepting Eran's latest OAuth draft, draft-hammer-oauth2 [1] as a working group item. Assuming no objections by end-of-day Tuesday, April 22nd, this draft will be promoted to an active working group document on Wednesday, April 23rd. b. [1]

Re: [OAUTH-WG] Call for Consensus (Deadline: April 22)

Blaine... Might you have meant April 27th? On 4/23/10 1:20 PM, Blaine Cook wrote: This is a call for consensus on accepting Eran's latest OAuth draft, draft-hammer-oauth2 [1] as a working group item. Assuming no objections by end-of-day Tuesday, April 22nd, this draft will be promoted to an

Re: [OAUTH-WG] Call for Consensus (Deadline: April 22)

Do you mean April 29 (Thu) and April 30th (Fri)? This is a call for consensus on accepting Eran's latest OAuth draft, draft-hammer-oauth2 [1] as a working group item. Assuming no objections by end-of-day Tuesday, April 22nd, this draft will be promoted to an active working group document on

[OAUTH-WG] Autonomous clients and resource owners (editorial)

Regarding the second comment I made below: I realized last night that Sections 3.7.1 and 3.7.2 get this more correct, by saying that an autonomous client represents a separate resource owner. So Section 2.2 definitely needs a slight change, from: ...and autonomous flows where the client is

Re: [OAUTH-WG] device profile comments

- Authorization server doesn’t return approval URL - device hard-codes this instead. I expect that this will point to a manufacturer specific page, and that the manufacturer specific page will automatically redirect to a page on the authorization server. Why not returning

Re: [OAUTH-WG] Call for Consensus (Deadline: April 22)

Full support. Igor Blaine Cook wrote: This is a call for consensus on accepting Eran's latest OAuth draft, draft-hammer-oauth2 [1] as a working group item. Assuming no objections by end-of-day Tuesday, April 22nd, this draft will be promoted to an active working group document on Wednesday,

Re: [OAUTH-WG] New service provider that supports OAuth 2.0

I was surprised that this announcement didn't garner more commentary from the list here, as this decision worries me a little bit. There are a lot of components of the OAuth protocol that aren't stabilized into a real standard yet, and I'm worried that the Facebook implementation of OAuth 2.0 will

Re: [OAUTH-WG] Standardisation of a Java API

Hi all guys, Paul very nice to meet you :) at the era I started writing the first version of the Amber proposal, my Cocoon3 mates Reinhard Poetz and Steven Dolg were interested, I'll ping them to get them involved. Quick question: can anyone tell me please where I can share the first draft of the

Re: [OAUTH-WG] Call for Consensus (Deadline: April 22)

On 4/23/10 8:05 AM, Prateek Mishra wrote: Do you mean April 29 (Thu) and April 30th (Fri)? Clearly yes. This is a call for consensus on accepting Eran's latest OAuth draft, draft-hammer-oauth2 [1] as a working group item. Assuming no objections by end-of-day Tuesday, April 22nd, this draft

Re: [OAUTH-WG] New service provider that supports OAuth 2.0

Hey Justin, al- I'll send a more complete email this afternoon with the details of the Facebook OAuth deployment. For now I just wanted to respond to your questions: Is Facebook committed to tracking the spec in its development Yes. Our main focus right now is stability and bug fixing for

Re: [OAUTH-WG] New service provider that supports OAuth 2.0

just as a counter - twitter is taking a more paced stance. our @anywhere is built upon the oauth2 draft from a few weeks ago, and we're going to be spending a portion of next week catching it up to the current draft. its my personal goal to open the endpoint up so that developers can start to

Re: [OAUTH-WG] Combining the Native application and User-agent flows

On Fri, Apr 16, 2010 at 8:09 PM, Eran Hammer-Lahav e...@hueniverse.comwrote: On 4/16/10 6:00 PM, Evan Gilbert uid...@google.com wrote: - Add text to the spec to give overview of options for native app developers I need a proposal. Here's a proposal for text to cover the options for

Re: [OAUTH-WG] 'Scope' parameter proposal

I suspect the key concept is realising that there can be many authz URIs — and that that is ok. OAuth libraries should support this concept — perhaps by not expecting a single authz URI to be provided in a config file. I fully agree with your statement. Authorization servers may use

Re: [OAUTH-WG] 'Scope' parameter proposal

This looks about right. EHL -Original Message- From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] Sent: Friday, April 23, 2010 3:31 PM To: Manger, James H Cc: Brian Eaton; Eran Hammer-Lahav; OAuth WG Subject: Re: [OAUTH-WG] 'Scope' parameter proposal I suspect the key

Re: [OAUTH-WG] 'Scope' parameter proposal

On Thu, Apr 22, 2010 at 6:11 PM, Manger, James H james.h.man...@team.telstra.com wrote: We mustn't drop advertisements (details in 401 responses). We mustn't drop the goal of a standard for interoperability. I share the goals, I just don't think that a specification is the way to get there. I

Re: [OAUTH-WG] device profile comments

I sent this reply to Brian's original email earlier, but forgot to click reply-all. I disagree with hardcoding the approval URL into the device. To enable short URLs, there's nothing in the spec preventing the Auth Server from returning a different approval URL for each client id.