I spend rather too much time doing disinformation analysis these days. But one of the issues that keeps coming up is what Sartre called a 'bad faith' argument which is an unfortunate term in that people end up doing it without being aware of it, no malice involved.
What Sartre was describing was an argument in which there are two separate frames of reference used. The first frame is used to establish that X applies, then once that is achieved the first frame is discarded and X is interpreted in the second frame.
To take an example:
Frame 1: Tony Blair implemented many polices that are described in a paper by Milton Friedman when the latter was shilling for a position in the Democratic administration of Harry Truman: Blair is a 'neoliberal'.
Frame 2: Neoliberal Milton Friedman shilled for and was successful in getting a consulting role in the Pinochet regime. Therefore neoliberals support Pinochet. Therefore Blair supports Pinochet. Therefore Blair supports the mass murder of 30,000 people.
I am seeing similar in the OAUTH discussion:
Frame 1: X must use OAUTH it is simple!
Frame 2: You have to understand how to apply OAUTH correctly. The Turbo-encabulator mode is very powerful let me stroke my beard while you come to that understanding.
And yes, folk are going to get upset about having their arguments presented in this fashion but I really don't know how else to get through to them the reasons why the people on the receiving end of those arguments are getting upset.
There is a real problem in trying to get across unwelcome information. The ground problem for many of us with OAUTH is that we simply cannot understand it. And we rather suspect the problem isn't on our side. I have come to find that not being able to understand things that exceed a certain complexity is actually a profound advantage in architecture. The real value of formal methods turns out to be they force people to reduce the problem to something simple enough to write proofs about.
This is one of the reasons I would like to see the IETF move towards a W3C style plenary in which WGs are required to provide short introductions to what they do. No, not status reports: an elevator pitch. Because if nobody in the group can describe what is going on with clarity, well perhaps they don't know themselves.
it is really difficult to know what to do in these circumstances. I tell people my criteria for adopting a technology early on. If they meet my criteria, I will attempt to make use of their work product. But I feel absolutely no obligation to do so if they don't.