Dave Longley
@tplooker, > Again I think I understand your perspective, but unsure how you are reaching your conclusion. What I'm trying to highlight as important is not the difference between non-optimal...
@tplooker, I'd like to see if we can work through some of the concerns you raised to whittle down the list: > The issuer of the capability (URL) has no...
@tplooker, > It's not just CHAPI that needs to be secure against this here to a comparable level with TLS, it's everything from the server that generated this URL through...
@tplooker, > In general I think the biggest problem with this CHAPI flow is that there is no way to tie the end user authentication event and/or established session...
I don't think we should name the spec after the group -- it makes it seem like there will only be one spec coming out of the group which may...
Given that we're taking a layered approach, I would expect implementations to be named after the layers that they provide -- and that we can plug and play. So +1...
> I propose we avoid encrypted data vault because different use-cases will secure the store in other ways. I would think that different use cases may do *additional* things, but...
We should discuss what problem this is trying to solve and whether or not simpler mechanisms (HTTP keep-alive, HTTP/2) solve it more elegantly. We may want to discuss some kind...
@OR13, > ...it's hard for me to know what to do with a PR like this without more critical feedback We should discuss this in the group before merging. @DRK3,...
+1 to program, manager, or integrator/integration