On 7/12/23 12:46, Chris Box wrote:
When it discusses the authentication problem, it is out of scope because this list is defined as being the one for which no other better list exists.
At this point I might argue that no better list exists, because (a) this is probably better discussed in the context of applications than in the context of security in general, and (b) the application area itself is so wide that it's also too wide to facilitate useful progress on this topic.
However I don't think it would be wrong to create a separate list for discussion of alternatives to OAUTH for general-purpose authentication of applications (not necessarily web-based apps).
I'm not yet proposing a WG but could try to write up a list charter if that would be helpful.
Keith
