Comment by seb1204
8 months ago
Why does the internet not make this stuff a RFC? Email and TCP are RFCs so are other critical aspects and global companies use the all the time.
8 months ago
Why does the internet not make this stuff a RFC? Email and TCP are RFCs so are other critical aspects and global companies use the all the time.
There is an RFC for OAuth 2 interestingly enough: https://www.rfc-editor.org/rfc/rfc6749
Historically the IETF has been reluctant to get involved with Identity (and hence authentication) for various reasons. There are a few standards bodies in this area and they all have their strengths and weaknesses (the presentation by Heather Flanagan someone linked to elsewhere in the thread gives a good introduction).
Even some RFCs are basically available as ISO standards and vice versa, e.g. for time/date formats you almost never need to buy ISO8601 and can just read RFC3339 (which is technically a 'profile' of ISO8601).