Re: [OAUTH-WG] Working Group Last Call on Dynamic Client Registration Documents
Mike Jones <Michael.Jones@microsoft.com> Sun, 06 April 2014 06:47 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A17881A02A4 for <oauth@ietfa.amsl.com>; Sat, 5 Apr 2014 23:47:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xzCpn7bBpmAw for <oauth@ietfa.amsl.com>; Sat, 5 Apr 2014 23:47:43 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0207.outbound.protection.outlook.com [207.46.163.207]) by ietfa.amsl.com (Postfix) with ESMTP id A6F751A02BC for <oauth@ietf.org>; Sat, 5 Apr 2014 23:47:42 -0700 (PDT)
Received: from BY2PR03CA050.namprd03.prod.outlook.com (10.141.249.23) by BY2PR03MB027.namprd03.prod.outlook.com (10.255.240.41) with Microsoft SMTP Server (TLS) id 15.0.913.9; Sun, 6 Apr 2014 06:47:35 +0000
Received: from BY2FFO11FD032.protection.gbl (2a01:111:f400:7c0c::101) by BY2PR03CA050.outlook.office365.com (2a01:111:e400:2c5d::23) with Microsoft SMTP Server (TLS) id 15.0.913.9 via Frontend Transport; Sun, 6 Apr 2014 06:47:35 +0000
Received: from mail.microsoft.com (131.107.125.37) by BY2FFO11FD032.mail.protection.outlook.com (10.1.14.210) with Microsoft SMTP Server (TLS) id 15.0.918.6 via Frontend Transport; Sun, 6 Apr 2014 06:47:35 +0000
Received: from TK5EX14MBXC286.redmond.corp.microsoft.com ([169.254.1.232]) by TK5EX14HUBC106.redmond.corp.microsoft.com ([157.54.80.61]) with mapi id 14.03.0181.007; Sun, 6 Apr 2014 06:47:03 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Bill Mills <wmills_92105@yahoo.com>, Torsten Lodderstedt <torsten@lodderstedt.net>
Thread-Topic: [OAUTH-WG] Working Group Last Call on Dynamic Client Registration Documents
Thread-Index: Ac9RY/LDqaPPFycZSmKqmisDiThmcg==
Date: Sun, 06 Apr 2014 06:47:03 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439A143EA5@TK5EX14MBXC286.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.35]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439A143EA5TK5EX14MBXC286r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10009001)(438001)(377454003)(53754006)(189002)(24454002)(199002)(47736001)(19580405001)(81542001)(84326002)(50986001)(94946001)(47976001)(97186001)(33656001)(80976001)(2009001)(97336001)(76796001)(74876001)(92726001)(47446002)(74706001)(92566001)(95666003)(49866001)(77096001)(20776003)(19580395003)(76176001)(99396002)(53806001)(74502001)(93136001)(4396001)(63696002)(512954002)(83072002)(93516002)(95416001)(85306002)(15202345003)(90146001)(74662001)(87266001)(98676001)(76786001)(94316002)(81342001)(54356001)(85852003)(56776001)(2656002)(65816001)(83322001)(54316002)(16236675002)(76482001)(15975445006)(84676001)(87936001)(56816005)(66066001)(19300405004)(74366001)(55846006)(79102001)(86362001)(77982001)(59766001)(97736001)(81686001)(44976005)(81816001)(80022001)(69226001)(6806004)(46102001)(71186001)(31966008); DIR:OUT; SFP:1101; SCL:1; SRVR:BY2PR03MB027; H:mail.microsoft.com; FPR:3CA4F9B7.8FF6D3E9.37FCFDB7.50E250C8.2032F; MLV:sfv; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 0173C6D4D5
Received-SPF: Pass (: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=; client-ip=131.107.125.37; helo=mail.microsoft.com;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/Oz6ZLD7UMXizzEnkcv3Q8GW60mA
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Working Group Last Call on Dynamic Client Registration Documents
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Apr 2014 06:47:47 -0000
The core spec actually already does speak to this question, Bill. http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-16#section-3 says: In some cases, authorization servers MAY choose to accept a software statement value directly as a Client ID in an authorization request, without a prior dynamic client registration having been performed. The circumstances under which an authorization server would do so, and the specific software statement characteristics required in this case, are beyond the scope of this specification. This spec is about dynamic registration, and how to accomplish it. In the case where registration isn't used, other specs or conventions would be needed, which are out of scope for the dynamic registration work (by definition!). Cheers, -- Mike From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Bill Mills Sent: Saturday, April 05, 2014 10:13 PM To: Torsten Lodderstedt Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Working Group Last Call on Dynamic Client Registration Documents To me the fundamental question of whether a client has to be registered in each place it is used is quite significant. We don't address the problem and have not discussed it enough. -bill On Friday, April 4, 2014 11:39 PM, Torsten Lodderstedt <torsten@lodderstedt.net<mailto:torsten@lodderstedt.net>> wrote: Hi Bill, which scalability problem are you referring to? As far as I remember there were issues around the management API but not the core protocol. regards, Torsten. Am 04.04.2014 um 18:41 schrieb Bill Mills <wmills_92105@yahoo.com<mailto:wmills_92105@yahoo.com>>: Given the fundamental scalability problem we discussed in London do we really feel we're ready? On Friday, April 4, 2014 3:07 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net<mailto:hannes.tschofenig@gmx.net>> wrote: Hi all, This is a Last Call for comments on the dynamic client registration documents: * OAuth 2.0 Dynamic Client Registration Core Protocol http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-16 * OAuth 2.0 Dynamic Client Registration Metadata http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-metadata-00 Since we have to do the last call for these two documents together we are setting the call for **3 weeks**. Please have your comments in no later than April 25th. Ciao Hannes & Derek _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Mike Jones
- [OAUTH-WG] Working Group Last Call on Dynamic Cli… Hannes Tschofenig
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Justin Richer
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Bill Mills
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Mike Jones
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Torsten Lodderstedt
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Hannes Tschofenig
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Anthony Nadalin
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Bill Mills
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Mike Jones
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Torsten Lodderstedt
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Phil Hunt
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Mike Jones
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Phil Hunt
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Mike Jones
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Torsten Lodderstedt
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Brian Campbell
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… Brian Campbell
- Re: [OAUTH-WG] Working Group Last Call on Dynamic… John Bradley