ietf
[Top] [All Lists]

Re: Oauth blog post

2012-07-29 22:01:11
I have not been involved in the OAuth design processes, but for the
last few months, I’ve been a heavy user of production OAuth2 software.
Which I felt gave me a platform to comment  on the issue:
http://www.tbray.org/ongoing/When/201x/2012/07/28/Oauth2-dead

 -Tim

On Sun, Jul 29, 2012 at 2:57 PM, Hannes Tschofenig
<hannes(_dot_)tschofenig(_at_)gmx(_dot_)net> wrote:
It sounds indeed great to involve those communities that use the technology. 
However, I don't see an easy way to accomplish that when we talk about a 
really large community.

For example, many people use TLS and they are not all in the TLS WG working 
group. I am not even talking about providing useful input to the work (since 
you would have to be a security expert and some people just want to get their 
application development done as quickly as possible). They just use the 
library.

OAuth is a bit similar in that direction. Ideally, we want Web application 
developers to just use a library and then add their application specific 
technology on top of it rather than having to read the IETF specification and 
to write the OAuth code themselves.

On Jul 29, 2012, at 2:13 PM, Worley, Dale R (Dale) wrote:

From: Hannes Tschofenig [hannes(_dot_)tschofenig(_at_)gmx(_dot_)net]

Eran claims that enterprise identity management equipment manufacturer 
dominate the discussion.

There's a common problem in the IETF that the development of a standard is 
dominated by companies that incorporate the standard into their products, 
whereas the people who "really should" be involved in the development are 
those who will *use* the standard in operation.

Dale


<Prev in Thread] Current Thread [Next in Thread>