It sounds indeed great to involve those communities that use the technology. However, I don't see an easy way to accomplish that when we talk about a really large community. For example, many people use TLS and they are not all in the TLS WG working group. I am not even talking about providing useful input to the work (since you would have to be a security expert and some people just want to get their application development done as quickly as possible). They just use the library. OAuth is a bit similar in that direction. Ideally, we want Web application developers to just use a library and then add their application specific technology on top of it rather than having to read the IETF specification and to write the OAuth code themselves. On Jul 29, 2012, at 2:13 PM, Worley, Dale R (Dale) wrote: >> From: Hannes Tschofenig [hannes.tschofenig@xxxxxxx] >> >> Eran claims that enterprise identity management equipment manufacturer dominate the discussion. > > There's a common problem in the IETF that the development of a standard is dominated by companies that incorporate the standard into their products, whereas the people who "really should" be involved in the development are those who will *use* the standard in operation. > > Dale