Re: [apps-discuss] HTTP MAC Authentication Scheme from Stephen Farrell on 2011-06-03 (ietf-http-wg@w3.org from April to June 2011)

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Fri, 03 Jun 2011 13:26:28 +0100
To: dcrocker@bbiw.net
CC: Dave CROCKER <dhc@dcrocker.net>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, "http-state@ietf.org" <http-state@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>, OAuth WG <oauth@ietf.org>
Message-ID: <4DE8D2F4.1050103@cs.tcd.ie>

Hi Dave,

On 02/06/11 22:16, Dave CROCKER wrote:
> Stephen,
> 
> On 6/1/2011 5:16 AM, Stephen Farrell wrote:
>> Just on DOSETA - that's not currently got any official
>> home in the IETF so its not something that would be right
>> to reference at this point (unless the oauth WG wanted to
>> adopt DOSETA but I'd be very surprised if that were the
>> case for timing reasons).
> 
> I'm confused on two counts.  (To be honest, of course, I'm confused
> about many points, but two of them are relevant to this thread...)
> 
> One, of course, is that I've been actively raising DOSETA in various
> IETF venues for the different groups to considering adopting and/or
> adapting it.  As such, discussion of DOSETA permits exploring the
> possibility of adoption and/or adaptation.

I don't get the confusion aspect there, but the rest below
might clarify.

> The second is that you appear to be stating a policy that a working
> group is only permitted to reference things which are currently and
> officially IETF work items.  I suspect that that is not what you meant,
> so at the least, please clarify what you do mean.

Right. I wasn't stating any general policy.

What I meant was that the oauth WG needs to get oauth2.0 done
and that seems to require also getting the mac scheme done, so
adding a dependency to something at an early stage of development
(like DOSETA) at this point would not be a good plan for oauth.
That's all. Exploring  whether DOSETA or something similar is
useful is a fine thing to do, its just a bit early for oauth.

> If you really do mean anything like the interpretation I just
> summarized, please explain its basis.
> 
>> To be clear, as an individual, I do think that "something
>> like DOSETA" is a really good idea and maybe DOSETA will
>> turn out to be that something, I don't know.
> 
> If it is not acceptable to 'reference' DOSETA now and here, then how
> will the determination of its utility be made?

Following our usual highly-predictable process I guess;-)

I assume that the next step would be for a bunch of interested
folks to figure out where and when it might make sense to do
more on DOSETA.

S.

> 
> 
> Thanks.
> 
> d/
>

Received on Friday, 3 June 2011 12:27:19 UTC