Re: WebRTC REF for OAUTH based TURN

Den 13. mars 2018 15:14, skrev Cullen Jennings:
> 
> From a dependency point of view, I would like to note that right now the WebRTC PC spec references
> 
> * draft-ietf-oauth-pop-key-distribution
> 
> Which rumor has it has been replaced by 
> 
> * datatracker.ietf.org/doc/draft-ietf-ace-oauth-authz
> 
> Which normatively references the following:
> 
> * draft-ietf-ace-cbor-web-token
> * ietf-ace-cwt-proof-of-possession
> * draft-ietf-ace-cbor-web-token
> * draft-ietf-ace-cwt-proof-of-possession
> 
> More discussion of this at https://github.com/w3c/webrtc-pc/issues/1642
> 
> What needs to happen with all this so we can finish up the stuff WebRTC needs to reference from IETF ?
> 
> 
> 
> 
> 

>From a WG product management point of view, I consider that this has not
deployed, and is not likely to deploy in the present timeframe, given
that no consensus specifiation has emerged.

My suggestion would be to replace this text:

An OAuth 2.0 based authentication method, as described in [RFC7635]. It
uses the OAuth 2.0 Implicit Grant type, with PoP (Proof-of-Possession)
Token type, as described in [RFC6749] and [OAUTH-POP-KEY-DISTRIBUTION].
 .... rest of section ....

with

 An OAuth 2.0 based authentication method, as described in [RFC7635].

The amount of detail currently in the webrtc-pc document is, to my mind,
inappropriate for a W3C spec. If the IETF has failed to come up with a
single "handle" by which all this detail  can be referenced, the IETF
needs to solve that problem.

Received on Wednesday, 14 March 2018 07:38:17 UTC