OAuth met at IETF 82 in Taipei, at 13:00 local time on Thursday, 17 Nov 2011

1. Agenda Bashing, and WG Status

Base doc: TLS version issue has consensus, check on the list (Barry will 
post). Otherwise, the doc needs a new revision from AD comments.

Bearer: long discussion about mandatory-to-implement token type.  
Stephen is very firm on the need for it, for interoperability.
Consensus in the room favors having one, and for it to be bearer token.
This is an update to the base protocol doc.  Confirm on the list.

Both documents will go into IETF last call together, when the new versions 
are ready.

1a. Bearer Token: Encoding Problems
    Remote presentation by Julian Reschke

Julian presents HTTP issues with some bearer-token fields.
The fields in question are protocol elements, not human-readable strings, 
and need no internationalization.  If the fields are limited to ASCII, the 
problem goes away.  This is acceptable to Mike and to Julian.

2. Status and issues with existing documents:

2a. HTTP Authentication: MAC Access Authentication
http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac

Little interest shown for this document so far.
Chairs want a co-editor to help edit and to push reviews.

2b. Assertions
http://tools.ietf.org/html/draft-ietf-oauth-assertions
http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer

Status: updated, need more reviews; Jeff Hodges recruited.
Still want others; Hannes will follow up.

2c. OAuth 2.0 Threat Model and Security Considerations
http://tools.ietf.org/html/draft-ietf-oauth-v2-threatmodel

In WGLC immediately, ending on 9 Dec.

3. Rechartering discussion

A few presentations about some of the proposed items.
See the meeting materials page:
https://datatracker.ietf.org/meeting/82/materials.html

Discussion of some priority items:
- JSON web token format, and bearer profile
- Client registration
- Token revocation
- Simple web discovery

Discussion and prioritization will continue on the list.