[OAUTH-WG] Shepherd writeup for OAuth 2.0 Authorization Server Metadata

Hannes Tschofenig <hannes.tschofenig@gmx.net> Tue, 07 March 2017 18:45 UTC

To: "oauth@ietf.org" <oauth@ietf.org>, Phil Hunt <phil.hunt@oracle.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/T3KqnoyMetyDFSyRelZki9x955c>

Hi all,

here is the write-up:
https://github.com/hannestschofenig/tschofenig-ids/blob/master/shepherd-writeups/Writeup_OAuth_Metadata.txt

I need your feedback on the following issues:

1) Implementation & deployment status of the spec

2) Working group summary (see below)
(Particularly asking Phil whether this is a correct summary.)

3) There are four normative references to non-IETF specifications (see
below). I am wondering whether these are indeed necessary (as normative
references).

4) Any other feedback?

Ciao
Hannes

----

Working Group Summary

   Work on a discovery mechanism for OAuth had been planned for a long
   time, but it took until late 2015 before a document was submitted
   to the group, which re-used work done in the OpenID Foundation.
   When the WGLC was started in 2016, see
   https://www.ietf.org/mail-archive/web/oauth/current/msg15796.html,
   feedback resulted in significant restructuring of the document.

   Now, almost a year later, these concerns have been resolved and
   the document is ready for publication.


----

   [UNICODE]  The Unicode Consortium, "The Unicode Standard",
              <http://www.unicode.org/versions/latest/>.

   [USA15]    Davis, M. and K. Whistler, "Unicode Normalization Forms",
              Unicode Standard Annex 15, June 2015,
              <http://www.unicode.org/reports/tr15/>.

   [OAuth.Post]
              Jones, M. and B. Campbell, "OAuth 2.0 Form Post Response
              Mode", April 2015,
              <http://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html>.

   [OAuth.Responses]
              de Medeiros, B., Ed., Scurtescu, M., Tarjan, P., and M.
              Jones, "OAuth 2.0 Multiple Response Type Encoding
              Practices", February 2014,
              <http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html>.