We are going to respond to Eran's blog post. We would like to respond with some
real content instead of vague statements.
I would find it useful if anyone of you who likes to agree or disagree to have
at least read the OAuth specification. I had noticed that many of those who
share their valuable thoughts have not even spent the time to look at the
document.
Hannes
Sent from my Windows Phone
-----Original Message-----
From: ext SM
Sent: 7/29/2012 8:23 AM
To: Yaron Sheffer; ietf(_at_)ietf(_dot_)org
Subject: Re: Oauth blog post
Hi Yaron,
At 05:52 AM 7/29/2012, Yaron Sheffer wrote:
this blog post (
http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/)
by the editor of OAuth 2.0 made the rounds of
the geek news outlets: Slashdot, CNet etc. I am
sure many people on this list have seen it. But
I have seen no reactions on this list, nor on
the SAAG list. Is this too unimportant to
discuss? Is there nothing we, as an organization, can learn from it?
OAuth2 is more within Apps than SAAG. People
discuss about topics they are interested instead
of what you or I would consider as important. I
don't know whether the IETF learns anything from
its failures. It can always redefine failure so
that it becomes known as success. :-)
It is to Eran's credit that he did not seek all
the credit when he could have done so. What I
could learn from that is that "doing the right
thing" will be forgotten when it is convenient to
do so. The WG Chairs did something unusual to
try and resolve the situation. That's in the
mailing list archive for anyone to read if the
person thinks that it is important.
I'll highlight the following:
"[the] working group at the IETF started with
strong web presence. But as the
work dragged on (and on) past its first year,
those web folks left along with
every member of the original 1.0 community.
The group that was left was largely
all enterprise? and me."
It's not the first time that this occurs. It is
up to the IETF to assess whether it is detrimental to have such an outcome.
Regards,
-sm