- From: Harald Alvestrand <harald@alvestrand.no>
- Date: Wed, 14 Mar 2018 08:37:31 +0100
- To: Cullen Jennings <fluffy@iii.ca>, WebRTC WG <public-webrtc@w3.org>, RTCWeb IETF <rtcweb@ietf.org>
Den 13. mars 2018 15:14, skrev Cullen Jennings: > > From a dependency point of view, I would like to note that right now the WebRTC PC spec references > > * draft-ietf-oauth-pop-key-distribution > > Which rumor has it has been replaced by > > * datatracker.ietf.org/doc/draft-ietf-ace-oauth-authz > > Which normatively references the following: > > * draft-ietf-ace-cbor-web-token > * ietf-ace-cwt-proof-of-possession > * draft-ietf-ace-cbor-web-token > * draft-ietf-ace-cwt-proof-of-possession > > More discussion of this at https://github.com/w3c/webrtc-pc/issues/1642 > > What needs to happen with all this so we can finish up the stuff WebRTC needs to reference from IETF ? > > > > > >From a WG product management point of view, I consider that this has not deployed, and is not likely to deploy in the present timeframe, given that no consensus specifiation has emerged. My suggestion would be to replace this text: An OAuth 2.0 based authentication method, as described in [RFC7635]. It uses the OAuth 2.0 Implicit Grant type, with PoP (Proof-of-Possession) Token type, as described in [RFC6749] and [OAUTH-POP-KEY-DISTRIBUTION]. .... rest of section .... with An OAuth 2.0 based authentication method, as described in [RFC7635]. The amount of detail currently in the webrtc-pc document is, to my mind, inappropriate for a W3C spec. If the IETF has failed to come up with a single "handle" by which all this detail can be referenced, the IETF needs to solve that problem.
Received on Wednesday, 14 March 2018 07:38:17 UTC