[Openid-specs-ab] Messages/Standard (was Re: [OAUTH-WG] New Version Notification for draft-hunt-oauth-v2-user-a4c-00.txt)

Brian Campbell bcampbell at pingidentity.com
Wed Jul 31 11:22:25 UTC 2013


[switching from OAuth to the Connect list]

In practice, IMHO, the split between messages and standard doesn't actually
accomplish anything but to to make the specs larger and harder to consume.

I get the basic idea/goal of wanting to be decoupled from HTTP but Connect,
even Messages, is already fully dependent on OAuth, which itself "is
designed for use with HTTP" [1]. So what does it really accomplish?

I realize it's probably moot at this point but I felt compelled to mention
it (again).

[1] http://tools.ietf.org/html/rfc6749#section-1


On Tue, Jul 30, 2013 at 10:43 PM, Nat Sakimura <sakimura at gmail.com> wrote:

> Right. Anyone who agreed to IPR could have proposed the text in the work
> group.
>
> Re: Messages and Standard
>
> Messages were supposed to be the collection of terminology and parameters
> sets.
> Standard was meant to be HTTP binding, which would effectively make it
> OAuth 2.0 + authentication + identity.
> As such, normative portion of the standard was to be made of the HTTP
> protocol element, reference to the parameters sets in Messages, and the
> documentation on how to serialize. It should be very concise. Non-normative
> portions were supposed to have examples. In some sections, it is like that,
> but in sections like 2.2.1.1, it is currently repeating much of what the
> Messages have.
> This, to me, is suboptimal but many people wanted to be this way so that
> they do not have to refer to the Messages.
>
> Maybe, for the final, we might reconsider it.
>
>
>
>
>
>
> 2013/7/31 Richer, Justin P. <jricher at mitre.org>
>
>  So it's not the protocol that's the problem, it's the documentation. For
>> that I'm 100% with you all. However, I really don't think that the right
>> response to that is "we'll just invent something new and incompatible with
>> slightly different names" -- it's to document the protocol better.
>>
>>   -- Justin
>>
>>  On Jul 30, 2013, at 12:57 PM, Paul Madsen <paul.madsen at gmail.com>
>>  wrote:
>>
>>  I always think I pretty much understand OIDC until I see the specs list
>>
>>  On 7/30/13 12:39 PM, Brian Campbell wrote:
>>
>> Yes, that.
>>
>> On Tue, Jul 30, 2013 at 4:46 PM, Richer, Justin P. <jricher at mitre.org>wrote:
>>
>>>
>>> Yes, I agree that the giant stack of documents is intimidating and in my
>>> opinion it's a bit of a mess with Messages and Standard split up (but I
>>> lost that argument years ago).
>>>
>>
>>
>>
>> _______________________________________________
>> OAuth mailing listOAuth at ietf.orghttps://www.ietf.org/mailman/listinfo/oauth
>>
>>
>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth at ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>>
>
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>
> _______________________________________________
> OAuth mailing list
> OAuth at ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130731/e9da5c9a/attachment-0001.html>


More information about the Openid-specs-ab mailing list