From: ietf <ietf-bounces@xxxxxxxx> on behalf of Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx>
Sent: 28 June 2023 00:57

On 6/27/23 05:18, Leif Johansson wrote:
>>
>> Yeah, IETF is a very strange venue for something like OAUTH. Why
>> wasn't it done at W3C? At least they do UI stuff, and more to the
>> point have better clue of the inner workings of browsers. It would
>> have also driven home the point that it was a web thing, not a
>> general thing.
>>
>
> Because it isn’t only about ”the web”

If OAUTH is useful at all, OAUTH *should* be only about the web. At least as it's typically used in practice, it's completely unsuitable for ordinary applications.

<tp>
Microsoft seems to take the opposite view with Outlook. They have withdrawn support for the traditional forms of authentication and are now promoting the use of OAUTH as an alternative. The cynic (me!) might think that this advances the cause of those websites whose primary mission is to maximise the amount of personal data that can be harvested and monetised (or is that all websites nowadays?).

Tom Petch