Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-05.txt

Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 11 February 2013 17:28 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7FD321F883C for <oauth@ietfa.amsl.com>; Mon, 11 Feb 2013 09:28:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.472
X-Spam-Level:
X-Spam-Status: No, score=-102.472 tagged_above=-999 required=5 tests=[AWL=0.127, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R29NLCbdALew for <oauth@ietfa.amsl.com>; Mon, 11 Feb 2013 09:28:56 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) by ietfa.amsl.com (Postfix) with ESMTP id 79EF721F8826 for <oauth@ietf.org>; Mon, 11 Feb 2013 09:28:56 -0800 (PST)
Received: from mailout-de.gmx.net ([10.1.76.20]) by mrigmx.server.lan (mrigmx002) with ESMTP (Nemesis) id 0MhOyy-1UImnt2bJq-00Ma2q for <oauth@ietf.org>; Mon, 11 Feb 2013 18:28:55 +0100
Received: (qmail invoked by alias); 11 Feb 2013 17:28:55 -0000
Received: from a88-115-219-140.elisa-laajakaista.fi (EHLO [192.168.100.100]) [88.115.219.140] by mail.gmx.net (mp020) with SMTP; 11 Feb 2013 18:28:55 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX19h0X4OYvthpTS+JtV3VwI9z5HQCFQ33WqSF1qKkn hH5RkEw1J/mrcr
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset="us-ascii"
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <5112BE73.2070003@mitre.org>
Date: Mon, 11 Feb 2013 19:28:53 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <5FDE6412-5892-4840-935A-20A8A3BC49A0@gmx.net>
References: <20130206201534.13236.6681.idtracker@ietfa.amsl.com> <5112BE73.2070003@mitre.org>
To: Justin Richer <jricher@mitre.org>
X-Mailer: Apple Mail (2.1085)
X-Y-GMX-Trusted: 0
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-05.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Feb 2013 17:28:57 -0000

Hi Justin, 

just one comment on this specific issue: 

On Feb 6, 2013, at 10:34 PM, Justin Richer wrote:

> 1. client shows up at the Client Registration Endpoint, posts a JSON object with a few bits of metadata about itself (and potentially presents an Access Token that it got from some out of band process that acts as a "class registration" or "developer key", important to several known real-world use cases)

The starting point of the dynamic registry document was that the client does not yet have some secret with the authorization server and for that reason it does all this dance. 
Now, you write that it may have some "developer key" (which is sort of similar to what the client id/client secret is). 

That cannot be right. 

Ciao
Hannes