Document Action: 'The OAuth 1.0 Protocol' to Informational RFC

The IESG <iesg-secretary@ietf.org> Wed, 17 February 2010 23:01 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Document Action: 'The OAuth 1.0 Protocol' to Informational RFC
Message-Id: <20100217230136.8498E28C287@core3.amsl.com>
Date: Wed, 17 Feb 2010 15:01:36 -0800
Cc: Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org>
Precedence: list

The IESG has approved the following document:

- 'The OAuth 1.0 Protocol '
   <draft-hammer-oauth-10.txt> as an Informational RFC

This document has been reviewed in the IETF but is not the product of an
IETF Working Group. 

The IESG contact person is Lisa Dusseault.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-hammer-oauth-10.txt

Technical Summary

   OAuth provides a method for Web clients to access Web server resources

   on behalf of a resource owner (such as a different client or an end-
   user).  It also provides a process for end-users to authorize third
   party access to their server resources without sharing their
   credentials (typically, a username and password pair), using user-
   agent redirections.


Working Group Summary

   This is not a WG product.  However, it was reviewed by the OAUTH
   WG.  The OAUTH WG is working on a standards track revision of OAUTH, 
   but in the meantime, this is a useful work product because it fixes
   several errata in the pre-IETF version of the protocol and establishes
   an IETF-reviewed specification for the community-implemented protocol.

Document Quality

   There are many existing implementations of this specification,
   because it was the subject of an ad-hoc "standardization" effort
   involving quite a few individuals and implementors. 

Personnel

   Lisa Dusseault is the sponsor of the document.

Note to RFC Editor

Please make the following changes in the published RFC

OLD:
   The OAuth protocol was originally created by a small community of web
   developers from a variety of websites and other Internet services,
   who wanted to solve the common problem of enabling delegated access
   to protected resources.  The resulting OAuth protocol was stabilized
   at version 1.0 in October 2007 and published at the oauth.net
   website [1].

   This specification provides an informational documentation of OAuth
   Core 1.0 Revision A as finalized in June 2009, addressing several
   errata reported since that time, as well as numerous editorial
   clarifications.  It is not an item of the IETF's OAuth Working Group,
   which at the time of writing is working on an OAuth version that can
   be appropriate for publication on the standards track.

NEW: 
  The OAuth protocol was originally created by a small community of web
  developers from a variety of websites and other Internet services,
  who wanted to solve the common problem of enabling delegated access
  to protected resources.  The resulting OAuth protocol was stabilized
  at version 1.0 in October 2007, and revised in June 2009 (revision A) as

  published at <http://oauth.net/core/1.0a>.

  This specification provides an informational documentation of OAuth
  Core 1.0 Revision A, addressing several errata reported since that time,

  as well as numerous editorial clarifications.  While this specification
is not
  an item of the IETF's OAuth Working Group, which at the time of writing
is
  working on an OAuth version that can be appropriate for publication on
the
  standards track, it has been transferred to the IETF for change control
by
  authors of the original work.

Document Action: 'The OAuth 1.0 Protocol' to Info… The IESG