Re: [OAUTH-WG] OAuth 2.0 Discovery Location

Thomas Broyer <t.broyer@gmail.com> Wed, 24 February 2016 15:01 UTC

MIME-Version: 1.0
References: <E3BDAD5F-6DE2-4FB9-AEC0-4EE2D2BF8AC8@mit.edu> <CAEayHEMspPw3pu9+ZudkMp9pBPy2YYkiXfPvFpSwqZDVyixWxQ@mail.gmail.com> <CABzCy2CpSB2Nrs-QoaEwpqtG4J8UNeAYNy1rion=mp5PQD2dmg@mail.gmail.com>
In-Reply-To: <CABzCy2CpSB2Nrs-QoaEwpqtG4J8UNeAYNy1rion=mp5PQD2dmg@mail.gmail.com>
From: Thomas Broyer <t.broyer@gmail.com>
Date: Wed, 24 Feb 2016 15:00:58 +0000
Message-ID: <CAEayHEN460jz4BSoxKZ9t7JLc016oAeFkWkcxTD0Gte=Ed141w@mail.gmail.com>
To: Nat Sakimura <sakimura@gmail.com>, Justin Richer <jricher@mit.edu>, "<oauth@ietf.org>" <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="001a114116bc03cd39052c8556ea"
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/7E2b4UbQBmTd-rejzxJHBsMfn_A>
Subject: Re: [OAUTH-WG] OAuth 2.0 Discovery Location
Precedence: list

Hi Nat,

On Wed, Feb 24, 2016 at 12:54 PM Nat Sakimura <sakimura@gmail.com> wrote:

>
> 2016年2月22日(月) 18:44 Thomas Broyer <t.broyer@gmail.com>:
>
>
>> (well, except if there are several ASs each with different scopes; sounds
>> like an edge-case to me though; maybe RFC6750 should instead be updated
>> with such a parameter such that an RS could return several
>> WWW-Authenticate: Bearer, each with its own "scope" and "duri" value?)
>>
>
> Yeah, I guess it is an edge case. I would rather like to see these authz
> servers to develop a trust framework under which they can agree on a single
> set of common scope parameter values.
>

Well, except that adding the "duri" and "auri" metadata links to the
"WWW-Authenticate: Bearer" response header(s) would easily solve those
issues (without judging here whether they're edge-case or not), and I don't
really see any other use-case for that metadata outside the unauthorized
use of a resource (your draft admits it's the "typical use-case").

[OAUTH-WG] OAuth 2.0 Discovery Location Justin Richer
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Vladimir Dzhuvinov
[OAUTH-WG] OAuth 2.0 Discovery Location Samuel Erdtman
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Samuel Erdtman
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Thomas Broyer
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Justin Richer
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Nat Sakimura
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Thomas Broyer
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Nat Sakimura
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Nat Sakimura
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt (IDM)
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Anthony Nadalin
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Anthony Nadalin
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
Re: [OAUTH-WG] OAuth 2.0 Discovery Location George Fletcher
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt (IDM)
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt (IDM)
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt (IDM)
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt (IDM)
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt (IDM)
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Manger, James
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Vladimir Dzhuvinov
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Vladimir Dzhuvinov
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Donald F. Coffin
Re: [OAUTH-WG] OAuth 2.0 Discovery Location George Fletcher
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Nat Sakimura
Re: [OAUTH-WG] OAuth 2.0 Discovery Location George Fletcher
Re: [OAUTH-WG] OAuth 2.0 Discovery Location George Fletcher
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Vladimir Dzhuvinov
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Donald F. Coffin
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Thomas Broyer
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
Re: [OAUTH-WG] OAuth 2.0 Discovery Location George Fletcher
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Donald F. Coffin
Re: [OAUTH-WG] OAuth 2.0 Discovery Location John Bradley
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Manger, James
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Nat Sakimura
Re: [OAUTH-WG] OAuth 2.0 Discovery Location nov matake
Re: [OAUTH-WG] OAuth 2.0 Discovery Location John Bradley
Re: [OAUTH-WG] OAuth 2.0 Discovery Location George Fletcher
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Justin Richer
Re: [OAUTH-WG] OAuth 2.0 Discovery Location torsten@lodderstedt.net
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Samuel Erdtman
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Vladimir Dzhuvinov
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Brian Campbell
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Brian Campbell
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Roland Hedberg
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Vladimir Dzhuvinov
Re: [OAUTH-WG] OAuth 2.0 Discovery Location Thomas Broyer
Re: [OAUTH-WG] OAuth 2.0 Discovery Location George Fletcher