
The solution is to come up with an OAuth 1.1 spec that accomplishes what's really needed. The more modest version number will keep the complexifiers focused on "2.0", which will either never be finished or never be adopted.


In my view, the most important goal for OAuth 2 was to mandate SSL/TLS. That means it could remove timestamp and nonce, and only use plaintext signatures. Any implementation can do this and be backwards compatible with OAuth 1.0a clients by simply requiring SSL and plaintext signing and ignoring timestamp and nonce. Many days I am of a mind to declare that a wildcat 1.1.
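
The "wildcat 1.1" server side described in the comment above, as an added example that is not part of the original thread: a resource server that accepts only OAuth 1.0a requests carrying a PLAINTEXT signature (RFC 5849 section 3.4.4: the signature is `enc(consumer_secret)&enc(token_secret)`), refuses them unless the connection was TLS, and never looks at `oauth_timestamp` or `oauth_nonce`. The consumer/token secrets and the helper names are constructed for the example.

```python
import hmac
from urllib.parse import quote, unquote

# Constructed credential store: (consumer_key, token) -> (consumer_secret, token_secret)
SECRETS = {("demo-consumer", "demo-token"): ("consumer-secret", "token secret")}


def lookup_secrets(consumer_key, token):
    return SECRETS.get((consumer_key, token))


def parse_oauth_header(header):
    """Parse 'OAuth k1="v1", k2="v2"' into a dict, percent-decoding each value once."""
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "oauth":
        raise ValueError("not an OAuth 1.0a Authorization header")
    params = {}
    for part in rest.split(","):
        key, _, value = part.strip().partition("=")
        params[key] = unquote(value.strip().strip('"'))
    return params


def plaintext_signature(consumer_secret, token_secret=""):
    """PLAINTEXT signature: the signing key itself, each half percent-encoded (RFC 5849 3.4.4)."""
    return quote(consumer_secret, safe="") + "&" + quote(token_secret, safe="")


def build_header(consumer_key, token, signature):
    """Client side: emit the Authorization header as a 1.0a PLAINTEXT client would."""
    parts = {"oauth_consumer_key": consumer_key, "oauth_token": token,
             "oauth_signature_method": "PLAINTEXT", "oauth_version": "1.0",
             "oauth_signature": signature}
    return "OAuth " + ", ".join(f'{k}="{quote(v, safe="")}"' for k, v in parts.items())


def verify_plaintext_request(header, is_tls, lookup=lookup_secrets):
    """Server side: returns (accepted, reason). Timestamp and nonce are deliberately ignored,
    so the TLS check is what stands in for the replay protection they provided."""
    if not is_tls:
        return False, "plaintext signing requires TLS"
    p = parse_oauth_header(header)
    if p.get("oauth_signature_method") != "PLAINTEXT":
        return False, "only PLAINTEXT is accepted on this server"
    secrets = lookup(p.get("oauth_consumer_key"), p.get("oauth_token", ""))
    if secrets is None:
        return False, "unknown consumer key or token"
    expected = plaintext_signature(*secrets)
    presented = p.get("oauth_signature", "")
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return False, "signature mismatch"
    return True, "ok"
```

A client that still sends HMAC-SHA1 with a timestamp and nonce is rejected with a clear reason rather than silently accepted, which is the compatibility boundary the comment is drawing.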

I would like to see any changes iterate smaller, not to mention ignore enterprise use cases completely, since they already have an excellent framework called SAML 2.0 and OAuth is mostly good to accelerate the development of self-served web apps (i.e. consumer apps and SaaS).
