- From: Mészáros Mihály via GitHub <sysbot+gh@w3.org>
- Date: Thu, 22 Mar 2018 14:38:40 +0000
- To: public-webrtc-logs@w3.org
I think decision has made. => PR needed. @alvestrand will you make it, or shall I make it? @tireddy2 >From WebRTC + RFC7635 point of view I still miss an RFC that describes the OAuth PoP key distribution over HTTP. As it was mentioned draft-ietf-oauth-pop-key-distribution-03 draft is no longer active. I understand that OAuth PoP key distribution interest is moved to COAP, but I don't know why the HTTP OAuth PoP isn't it finished => dead. I know HTTP in a constrained env is to expensive, but for a system that encodes media http shouldn't be a problem. Correct me if I am wrong, but according RFC7635 Appendix example, and because WebRTC is strongly related to browsers, so I feel that we are still interested in OAuth PoP key distribution over HTTP. OAuth Client<=>AS communication over HTTP On the wire: - either RFC7635 or CWT token - kid - session key IMHO Key distribution over COAP does not fit perfectly, complicates more the communication, and so I prefer to use HTTP. Could you shade on it light, or point me where I could find more information about why OAuth PoP over HTTP idea is not finished and totally dropped? Thanks in advance! -- GitHub Notification of comment by misi Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1642#issuecomment-375329541 using your GitHub account
Received on Thursday, 22 March 2018 14:38:42 UTC