Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Discovery
Roland Hedberg <roland.hedberg@umu.se> Thu, 04 February 2016 09:00 UTC
Return-Path: <roland.hedberg@umu.se>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5ACD61A1E0B for <oauth@ietfa.amsl.com>; Thu, 4 Feb 2016 01:00:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.851
X-Spam-Level:
X-Spam-Status: No, score=-3.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fN9BBx1nZ7wg for <oauth@ietfa.amsl.com>; Thu, 4 Feb 2016 01:00:52 -0800 (PST)
Received: from smtp5.umu.se (smtp5.umu.se [130.239.8.142]) by ietfa.amsl.com (Postfix) with ESMTP id BAEF91A1E0F for <oauth@ietf.org>; Thu, 4 Feb 2016 01:00:51 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.22,393,1449529200"; d="asc'?scan'208";a="86021888"
X-IPAS-Result: A2CiBABZErNW/80N74JeGQEBAQEPAQEBAYJfgWoGiFWucoQHhg0CggcBAQEBAQGBC4RCAQEDAR0GVgULAgEIQgICMiUCBA4FDogFCAGxS48cAQEBAQEFAQEBAQEBAQEQCIYSgW2CSocyK4EPBZZxgnyBY5dfjkBig2Rqhy4BewEBAQ
Received: from umu-ex05.ad.umu.se (HELO mail.ad.umu.se) ([130.239.13.205]) by smtp5.umu.se with ESMTP; 04 Feb 2016 10:00:38 +0100
Received: from UMU-EX03.ad.umu.se (2002:82ef:dcb::82ef:dcb) by UMU-EX05.ad.umu.se (2002:82ef:dcd::82ef:dcd) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Thu, 4 Feb 2016 10:00:37 +0100
Received: from UMU-EX03.ad.umu.se ([fe80::708f:f02f:c850:d133]) by UMU-EX03.ad.umu.se ([fe80::708f:f02f:c850:d133%24]) with mapi id 15.00.1130.005; Thu, 4 Feb 2016 10:00:38 +0100
From: Roland Hedberg <roland.hedberg@umu.se>
To: Phil Hunt <phil.hunt@oracle.com>
Thread-Topic: [OAUTH-WG] Call for Adoption: OAuth 2.0 Discovery
Thread-Index: AQHRXyqDaIEa81d1jkSyC3gLIRPryQ==
Date: Thu, 04 Feb 2016 09:00:37 +0000
Message-ID: <40EFF814-7E12-4DF4-B94C-54495670E314@adm.umu.se>
References: <569E2298.3010508@gmx.net> <56A7CA7D.3050602@lodderstedt.net> <CA+k3eCS6_wZ0YkG8HjiwmQGemndHRBCG12McNTsgTvuEch5LwQ@mail.gmail.com> <DA812138-751B-4FEB-9EFA-40DC38BEDFDB@oracle.com>
In-Reply-To: <DA812138-751B-4FEB-9EFA-40DC38BEDFDB@oracle.com>
Accept-Language: en-US, sv-SE
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-pgp-agent: GPGMail 2.5.2
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.239.200.165]
Content-Type: multipart/signed; boundary="Apple-Mail=_5AA2F4BB-246B-4D70-A4A6-02B53352A14F"; protocol="application/pgp-signature"; micalg="pgp-sha256"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/L_p510EW3CmLR6zvFp-GPrR2TuE>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Discovery
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2016 09:00:54 -0000
> 3 feb 2016 kl. 00:48 skrev Phil Hunt <phil.hunt@oracle.com>: > > > Item 2: rel value for webfinger > It seems to me while the discovery requirements for plain OAuth and OIDC are the same for today that might not always be true. What will happen if OIDC wants to add more stuff? Will plain oAuth sites have to comply? > > A client may want to know both the OAuth discovery endpoint information for a resource AND it might want to know the OIDC discovery information. They endpoints might not always be the same - how do we tell them apart? I’ve (we’ve) had exactly this problem in the UMA use-case. Which is just one example where an AS may have OAuth2 or OIDC parentage. So, I support having different real values. — Roland
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Disco… Torsten Lodderstedt
- [OAUTH-WG] Call for Adoption: OAuth 2.0 Discovery Hannes Tschofenig
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Disco… Torsten Lodderstedt
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Disco… Brian Campbell
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Disco… Phil Hunt
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Disco… William Denniss
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Disco… Mike Jones
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Disco… William Denniss
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Disco… Phil Hunt
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Disco… Roland Hedberg
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Disco… Roland Hedberg
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Disco… Justin Richer
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Disco… Phil Hunt
- Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Disco… John Bradley