On 6/27/23 05:18, Leif Johansson wrote:
Yeah, IETF is a very strange venue for something like OAUTH. Why
wasn't it done at W3C? At least they do UI stuff, and more to the
point have better clue of the inner workings of browsers. It would
have also driven home the point that it was a web thing, not a
general thing.
Because it isn’t only about ”the web”
If OAUTH is useful at all, OAUTH *should* be only about the web. At
least as it's typically used in practice, it's completely unsuitable for
ordinary applications.
