Re: [OAUTH-WG] OAuth 2.0 Authorization Server Metadata is now RFC 8414

Torsten Lodderstedt <torsten@lodderstedt.net> Fri, 29 June 2018 00:00 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/PXZrzt_olxTR-VMNWEZPP32dxKo>

Congratulations!

> On 28.06.2018 at 18:15, William Denniss <wdenniss=40google.com@dmarc.ietf.org> wrote:
> 
> Congratulations!
> 
> Really glad that we have an RFC specifying how servers should provide their configuration data in machine readable form. Helps with developer experience (less manual configuration), as well as mitigating mix-up attacks (better association of related endpoints), amongst other benefits.
> 
> I'm happy to say that the AppAuth clients support RFC 8414, through discovery methods that take a complete URL, in addition to the issuer-based ones designed for OIDC usage.
> 
>> On Thu, Jun 28, 2018 at 3:54 PM, Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org> wrote:
>> The OAuth 2.0 Authorization Server Metadata specification is now RFC 8414.  The abstract describes the specification as:
>> 
>> This specification defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server, including its endpoint locations and authorization server capabilities.
>> 
>> The specification defines a JSON metadata representation for OAuth 2.0 authorization servers that is compatible with OpenID Connect Discovery 1.0.  This specification is a true instance of standardizing existing practice.  OAuth 2.0 deployments have been using the OpenID Connect metadata format to describe their endpoints and capabilities for years.  This RFC makes this existing practice a standard.
>> 
>> Having a standard OAuth metadata format makes it easier for OAuth clients to configure connections to OAuth authorization servers.  See https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#authorization-server-metadata for the initial set of registered metadata values.
>> 
>> Thanks to all of you who helped make this standard a reality!
>> 
>> -- Mike
>> 
>> P.S.  This announcement was also posted at http://self-issued.info/?p=1883 and as @selfissued.
>> 
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>> 
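
Added example, not part of the original thread and not AppAuth code: a Python client-side check of the two RFC 8414 rules behind issuer-based discovery, namely how the metadata URL is derived from the issuer (section 3) and that the returned `issuer` must match it exactly before the endpoints are used (section 3.3). The host names and sample documents are constructed, and requiring https on each endpoint is a policy assumption of this example.

```python
from urllib.parse import urlsplit, urlunsplit

WELL_KNOWN = "/.well-known/oauth-authorization-server"


def metadata_url(issuer: str) -> str:
    """Insert the well-known suffix between host and path of the issuer."""
    u = urlsplit(issuer)
    if u.scheme != "https" or not u.netloc or u.query or u.fragment:
        raise ValueError("issuer must be an https URL without query or fragment")
    # A terminating "/" is removed before the suffix is inserted.
    path = u.path[:-1] if u.path.endswith("/") else u.path
    return urlunsplit(("https", u.netloc, WELL_KNOWN + path, "", ""))


def validate_metadata(expected_issuer: str, doc: dict) -> dict:
    """Return the endpoint set bound to expected_issuer, or raise ValueError."""
    # Exact string comparison: a document naming another issuer is discarded,
    # so endpoints of one server are never filed under a different issuer.
    if doc.get("issuer") != expected_issuer:
        raise ValueError("issuer mismatch: metadata must not be used")
    if not doc.get("response_types_supported"):
        raise ValueError("response_types_supported is required")
    bound = {"issuer": expected_issuer}
    for key in ("authorization_endpoint", "token_endpoint"):
        value = doc.get(key)
        if value is None:
            continue
        if urlsplit(value).scheme != "https":  # assumption: https-only policy
            raise ValueError(f"{key} is not an https URL")
        bound[key] = value
    return bound


# Constructed sample documents (not captured from any real server).
GOOD = {
    "issuer": "https://as.example.com/tenant1",
    "authorization_endpoint": "https://as.example.com/tenant1/authorize",
    "token_endpoint": "https://as.example.com/tenant1/token",
    "response_types_supported": ["code"],
}
# Same endpoints, but the document claims to describe a different issuer.
MISMATCHED = dict(GOOD, issuer="https://other.example.net")

if __name__ == "__main__":
    print(metadata_url(GOOD["issuer"]))
    print(validate_metadata("https://as.example.com/tenant1", GOOD))
```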