[Openid-specs-ab] Messages/Standard (was Re: [OAUTH-WG] New Version Notification for draft-hunt-oauth-v2-user-a4c-00.txt)

Tim Bray tbray at textuality.com
Wed Jul 31 12:28:00 UTC 2013


I completely agree.
On Jul 31, 2013 12:23 PM, "Brian Campbell" <bcampbell at pingidentity.com>
wrote:

> [switching from OAuth to the Connect list]
>
> In practice, IMHO, the split between messages and standard doesn't
> actually accomplish anything but to to make the specs larger and harder to
> consume.
>
> I get the basic idea/goal of wanting to be decoupled from HTTP but
> Connect, even Messages, is already fully dependent on OAuth, which itself
> "is designed for use with HTTP" [1]. So what does it really accomplish?
>
> I realize it's probably moot at this point but I felt compelled to mention
> it (again).
>
> [1] http://tools.ietf.org/html/rfc6749#section-1
>
>
> On Tue, Jul 30, 2013 at 10:43 PM, Nat Sakimura <sakimura at gmail.com> wrote:
>
>> Right. Anyone who agreed to IPR could have proposed the text in the work
>> group.
>>
>> Re: Messages and Standard
>>
>> Messages were supposed to be the collection of terminology and parameters
>> sets.
>> Standard was meant to be HTTP binding, which would effectively make it
>> OAuth 2.0 + authentication + identity.
>> As such, normative portion of the standard was to be made of the HTTP
>> protocol element, reference to the parameters sets in Messages, and the
>> documentation on how to serialize. It should be very concise. Non-normative
>> portions were supposed to have examples. In some sections, it is like that,
>> but in sections like 2.2.1.1, it is currently repeating much of what the
>> Messages have.
>> This, to me, is suboptimal but many people wanted to be this way so that
>> they do not have to refer to the Messages.
>>
>> Maybe, for the final, we might reconsider it.
>>
>>
>>
>>
>>
>>
>> 2013/7/31 Richer, Justin P. <jricher at mitre.org>
>>
>>  So it's not the protocol that's the problem, it's the documentation.
>>> For that I'm 100% with you all. However, I really don't think that the
>>> right response to that is "we'll just invent something new and incompatible
>>> with slightly different names" -- it's to document the protocol better.
>>>
>>>   -- Justin
>>>
>>>  On Jul 30, 2013, at 12:57 PM, Paul Madsen <paul.madsen at gmail.com>
>>>  wrote:
>>>
>>>  I always think I pretty much understand OIDC until I see the specs list
>>>
>>>  On 7/30/13 12:39 PM, Brian Campbell wrote:
>>>
>>> Yes, that.
>>>
>>> On Tue, Jul 30, 2013 at 4:46 PM, Richer, Justin P. <jricher at mitre.org>wrote:
>>>
>>>>
>>>> Yes, I agree that the giant stack of documents is intimidating and in
>>>> my opinion it's a bit of a mess with Messages and Standard split up (but I
>>>> lost that argument years ago).
>>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> OAuth mailing listOAuth at ietf.orghttps://www.ietf.org/mailman/listinfo/oauth
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth at ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>>>
>>>
>>
>>
>> --
>> Nat Sakimura (=nat)
>> Chairman, OpenID Foundation
>> http://nat.sakimura.org/
>> @_nat_en
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth at ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130731/b2eca250/attachment.html>


More information about the Openid-specs-ab mailing list