[OAUTH-WG] OAuth2 abstract
"Manger, James H" <James.H.Manger@team.telstra.com> Thu, 17 March 2011 02:39 UTC
Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C87EC3A6A14 for <oauth@core3.amsl.com>; Wed, 16 Mar 2011 19:39:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.539
X-Spam-Level:
X-Spam-Status: No, score=-0.539 tagged_above=-999 required=5 tests=[AWL=0.361, BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, HTML_MESSAGE=0.001, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 29vtjzTPCW2b for <oauth@core3.amsl.com>; Wed, 16 Mar 2011 19:39:05 -0700 (PDT)
Received: from ipxano.tcif.telstra.com.au (ipxano.tcif.telstra.com.au [203.35.82.200]) by core3.amsl.com (Postfix) with ESMTP id 89E453A691F for <oauth@ietf.org>; Wed, 16 Mar 2011 19:39:04 -0700 (PDT)
X-IronPort-AV: E=Sophos; i="4.63,197,1299416400"; d="scan'208,217"; a="31501219"
Received: from unknown (HELO ipccni.tcif.telstra.com.au) ([10.97.216.208]) by ipoani.tcif.telstra.com.au with ESMTP; 17 Mar 2011 13:40:29 +1100
X-IronPort-AV: E=McAfee;i="5400,1158,6287"; a="21686304"
Received: from wsmsg3757.srv.dir.telstra.com ([172.49.40.85]) by ipccni.tcif.telstra.com.au with ESMTP; 17 Mar 2011 13:40:29 +1100
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by wsmsg3757.srv.dir.telstra.com ([172.49.40.85]) with mapi; Thu, 17 Mar 2011 13:40:28 +1100
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: OAuth WG <oauth@ietf.org>
Date: Thu, 17 Mar 2011 13:40:26 +1100
Thread-Topic: OAuth2 abstract
Thread-Index: AcvkTKvuSZ2d8pW/RJaZcWcOl5CEaw==
Message-ID: <255B9BB34FB7D647A506DC292726F6E1127FBD267F@WSMSG3153V.srv.dir.telstra.com>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-AU
Content-Type: multipart/alternative; boundary="_000_255B9BB34FB7D647A506DC292726F6E1127FBD267FWSMSG3153Vsrv_"
MIME-Version: 1.0
Subject: [OAUTH-WG] OAuth2 abstract
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2011 02:39:08 -0000
Comments on draft-ietf-oauth-v2-13: 1. Abstract The 1-line abstract is not helpful - it merely repeats the title. The abstract is important as it is the text most widely seem around the rest of the IETF community (eg in announcements of drafts and RFCs) and beyond. It needs to mention: users delegating access to applications; applications orchestrating that delegation; swapping permanent credentials for short-lived access tokens; and that it uses HTTP. Here is my suggestion: "The OAuth 2.0 authorization protocol allows an application to gain limited permission to access an HTTP service on behalf of a user by orchestrating an approval interaction between the user and the service. OAuth 2.0 uses temporary credentials, issued by an HTTP service either directly to an application or to represent user-delegated permissions. A collection of HTTP services can accept temporary credentials without needing to handle long-term user or application credentials, which can be restricted to a secure service that issues the temporary credentials." I think this text can be understood without knowing any of the specialised terms introduced later in the specification. -- James Manger
- [OAUTH-WG] OAuth2 abstract Manger, James H