[OAUTH-WG] Terminology updates in OAuth Mix-Up Mitigation specification

The only change to the new draft is to use terminology more consistently. Specifically, it changes the terms "issuer URL" and "configuration information location" to "issuer identifier" so that consistent terminology is used for this. (This is the terminology used by OpenID Connect.) This is

[OAUTH-WG] Terminology editorial work

After reading the specification from start to finish, I decided that the terminology section comes too early and is more confusing than helpful. I am moving it to an appendix and replacing it with short prose in the introduction. With this change, I am no open to include any other term used in t

Re: [OAUTH-WG] terminology

Yes, that is quite helpful. Thanks! On 2/3/10 1:30 AM, David Recordon wrote: > Looks > like > http://spreadsheets.google.com/ccc?key=0AjpBrc9X0st3dFBNQUpnZzFJbmFGOTkxZUVNdGdxMmc&hl=en > > is actually publi

Re: [OAUTH-WG] terminology

Looks like http://spreadsheets.google.com/ccc?key=0AjpBrc9X0st3dFBNQUpnZzFJbmFGOTkxZUVNdGdxMmc&hl=enis actually public. On Tue, Feb 2, 2010 at 2:08 PM, Peter Saint-Andre wrote: > On 1/28/10 11:35 PM, David Recordon wrote: > > Hey Peter, > > Luke put together a spreadsheet comparing the terminolog

Re: [OAUTH-WG] terminology

Related to this, in UMA we chose "Host" for the online service where a protected resource can be accessed, because each resource found there might potentially be subject to a different user-managed authorization policy (that is, protection) regime. We've found this word to be quite copacetic, a

Re: [OAUTH-WG] terminology

On 2/2/10 3:12 PM, Dick Hardt wrote: > > On 2010-02-02, at 2:08 PM, Peter Saint-Andre wrote: >> On 1/28/10 11:35 PM, David Recordon wrote: >>> I have a pretty strong preference of sticking with OAuth 1.0 >>> terminology as much as possible. >> >> Agreed. > > The term "server" in OAuth 1.0 does n

Re: [OAUTH-WG] terminology

On 2010-02-02, at 2:08 PM, Peter Saint-Andre wrote: > On 1/28/10 11:35 PM, David Recordon wrote: >> I have a pretty strong preference of sticking with OAuth 1.0 terminology >> as much as possible. > > Agreed. The term "server" in OAuth 1.0 does not differentiate between the Authorization Server

Re: [OAUTH-WG] terminology

On 1/28/10 11:35 PM, David Recordon wrote: > Hey Peter, > Luke put together a spreadsheet comparing the terminology across five or > six different protocols. Hopefully he'll share it. :) That would be great. I'll ping him off-list, or he can just attach it to http://trac.tools.ietf.org/wg/oauth/t

Re: [OAUTH-WG] terminology

n...@ietf.org] *On Behalf > Of *David Recordon > *Sent:* Thursday, January 28, 2010 10:35 PM > *To:* Peter Saint-Andre; Luke Shepard > *Cc:* OAuth WG > *Subject:* Re: [OAUTH-WG] terminology > > > > Hey Peter, > > Luke put together a spreadsheet comparing the termino

Re: [OAUTH-WG] terminology

Shepard Cc: OAuth WG Subject: Re: [OAUTH-WG] terminology Hey Peter, Luke put together a spreadsheet comparing the terminology across five or six different protocols. Hopefully he'll share it. :) I have a pretty strong preference of sticking with OAuth 1.0 terminology as much as possible.

Re: [OAUTH-WG] terminology

Hey Peter, Luke put together a spreadsheet comparing the terminology across five or six different protocols. Hopefully he'll share it. :) I have a pretty strong preference of sticking with OAuth 1.0 terminology as much as possible. --David On Thu, Jan 28, 2010 at 7:40 AM, Peter Saint-Andre wrot

[OAUTH-WG] terminology

One of the topics discussed during our conference call last week was the matter of terminology. All agreed that we need to gain clarity and consensus regarding the terms we use. To help us achieve that, I've created a stub wiki page: http://trac.tools.ietf.org/wg/oauth/trac/wiki/OauthTerms If you