Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Discovery

John Bradley <ve7jtb@ve7jtb.com> Fri, 05 February 2016 01:03 UTC

From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <2DE2E1FE-BBB0-489B-9479-888A7D36E6C8@mit.edu>
Date: Thu, 04 Feb 2016 22:03:00 -0300
Message-Id: <C0DC9BBD-2539-47F9-9C45-D6B4AF9D1A0E@ve7jtb.com>
References: <569E2298.3010508@gmx.net> <BY2PR03MB44237A6E59B1E76D9B7D14CF5D10@BY2PR03MB442.namprd03.prod.outlook.com> <CAAP42hATYHF1meMjJ_Exu=G5d-xWXcky2nNwny1DwWqxf3ZE6Q@mail.gmail.com> <0B9E9D6E-67A9-4956-BFA2-9A90CD39087A@oracle.com> <E04315CD-4FD3-4B06-BD33-22FF6DC5EB38@adm.umu.se> <2DE2E1FE-BBB0-489B-9479-888A7D36E6C8@mit.edu>
To: Justin Richer <jricher@mit.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/VRfWfSYQi-EwnXk4BrYQJ7Kswss>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Discovery

I would personally be fine with just the .well-known discovery.

I think in the earlier thread I was trying to make the argument that webfinger discovery is going to be based on the API that you are looking for and not generic OAuth.

A generic OAuth rel per user doesn’t really make sense. A client is looking for an OpenID Connect identity provider, a photo sharing service, a calendar service, etc.

Given the way UMA works, by starting at the resource, I would expect that a client would discover a medical records service, make a request to the API, and get back an RPT token and the location of the UMA server to get an AT. I don’t quite know what good knowing the UMA server would be unless it supported discovery (talked about, I think); however, that might be circular.

Let the protocols define how to use WebFinger and define the rel and we can pick up from there.

We should adopt the current doc as a starting point.

John B.

> On Feb 4, 2016, at 9:34 PM, Justin Richer <jricher@mit.edu> wrote:
> 
> +1, if we define a webfinger/rel at all.
> 
> I would rather we just define the service discovery document, the thing that lives under .well-known.
> 
> — Justin
> 
> 
>> On Feb 4, 2016, at 4:01 AM, Roland Hedberg <roland.hedberg@umu.se> wrote:
>> 
>> +1
>> 
>>> 4 feb 2016 kl. 08:10 skrev Phil Hunt <phil.hunt@oracle.com>:
>>> 
>>> +1 for adoption.
>>> 
>>> However, I would like a rel value distinct from OpenID (see separate email). While the mechanics of discovery are the same, I believe some clients will want to distinguish between OAuth ASs and OIDC OPs. Further, I would expect over time that different discovery features may be required. Locking them together seems like a premature or rushed choice.
>>> 
>>> Phil
>>> 
>>> @independentid
>>> www.independentid.com
>>> phil.hunt@oracle.com
>>> 
>>>> On Feb 3, 2016, at 10:44 PM, William Denniss <wdenniss@google.com> wrote:
>>>> 
>>>> +1 for adoption of this document by the working group
>>>> 
>>>> On Wed, Feb 3, 2016 at 10:27 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
>>>> I support adoption of this document by the working group.  I'll note that elements of this specification are already in production use by multiple parties.
>>>> 
>>>>                               -- Mike
>>>> 
>>>> -----Original Message-----
>>>> From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>>>> Sent: Tuesday, January 19, 2016 3:49 AM
>>>> To: oauth@ietf.org
>>>> Subject: [OAUTH-WG] Call for Adoption: OAuth 2.0 Discovery
>>>> 
>>>> Hi all,
>>>> 
>>>> this is the call for adoption of OAuth 2.0 Discovery, see
>>>> https://tools.ietf.org/html/draft-jones-oauth-discovery-00
>>>> 
>>>> Please let us know by Feb 2nd whether you accept / object to the adoption of this document as a starting point for work in the OAuth working group.
>>>> 
>>>> Note: If you already stated your opinion at the IETF meeting in Yokohama then you don't need to re-state your opinion, if you want.
>>>> 
>>>> The feedback at the Yokohama IETF meeting was the following: 19 for / zero against / 4 persons need more information.
>>>> 
>>>> Ciao
>>>> Hannes & Derek
>>>> 
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth
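The two discovery steps the thread contrasts, as an added example that is not code from the thread, the draft, or any of the participants: a client resolves an issuer for a user through a WebFinger rel, derives the authorization server metadata URL from that issuer, and validates the returned document. The rel value is the one OpenID Connect Discovery 1.0 defines for issuer lookup; the well-known path and the issuer-insertion rule are the ones the finished spec, RFC 8414, registered (the draft under discussion used an earlier path, so the path is a parameter here). The security check a practitioner wants is the `issuer` comparison: the value in the document must be identical to the issuer the URL was built from, otherwise any host that can serve a JSON file can publish metadata pointing clients at someone else's endpoints. The JRD and metadata bodies are constructed samples, and `fetch` is an injected callable so the example runs offline.

```python
"""Added example: WebFinger rel -> issuer -> AS metadata, with validation."""
import json
from urllib.parse import urlsplit, urlunsplit

# rel defined by OpenID Connect Discovery 1.0 for issuer location via WebFinger.
OIDC_ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"
# Well-known path registered by RFC 8414 for OAuth 2.0 AS metadata.
AS_METADATA_PATH = "/.well-known/oauth-authorization-server"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint")
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri",
                 "registration_endpoint", "revocation_endpoint",
                 "introspection_endpoint")


class DiscoveryError(ValueError):
    """Raised when discovery input fails a structural or security check."""


def issuer_from_webfinger(jrd_text, rel=OIDC_ISSUER_REL):
    """Pick the single href carrying the requested rel out of a JRD (RFC 7033)."""
    jrd = json.loads(jrd_text)
    hrefs = [link.get("href") for link in jrd.get("links", [])
             if link.get("rel") == rel and link.get("href")]
    if len(hrefs) != 1:
        raise DiscoveryError("expected exactly one link with rel %s, got %d"
                             % (rel, len(hrefs)))
    return hrefs[0]


def _require_https(url, what):
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise DiscoveryError("%s must be an https URL: %r" % (what, url))
    return parts


def metadata_url(issuer, well_known=AS_METADATA_PATH):
    """RFC 8414 section 3: strip a trailing '/' from the issuer path and insert
    the well-known path between the host and the issuer's path component."""
    parts = _require_https(issuer, "issuer")
    if parts.query or parts.fragment:
        raise DiscoveryError("issuer must not carry a query or fragment: %r" % issuer)
    path = parts.path.rstrip("/")
    return urlunsplit(("https", parts.netloc, well_known + path, "", ""))


def validate_metadata(metadata_text, expected_issuer):
    """Parse AS metadata and reject documents that claim a different issuer
    or advertise non-https endpoints."""
    md = json.loads(metadata_text)
    missing = [k for k in REQUIRED if k not in md]
    if missing:
        raise DiscoveryError("metadata missing %s" % ", ".join(missing))
    # Exact string comparison; a document served for one issuer must not be
    # allowed to name another, or a client can be steered to foreign endpoints.
    if md["issuer"] != expected_issuer:
        raise DiscoveryError("issuer mismatch: fetched for %r, document says %r"
                             % (expected_issuer, md["issuer"]))
    for key in ENDPOINT_KEYS:
        if key in md:
            _require_https(md[key], key)
    return md


def discover(jrd_text, fetch):
    """Full client-side walk. fetch(url) -> body text; injected for offline use."""
    issuer = issuer_from_webfinger(jrd_text)
    url = metadata_url(issuer)
    return url, validate_metadata(fetch(url), issuer)


# Constructed sample responses (not captured from any real server).
SAMPLE_JRD = json.dumps({
    "subject": "acct:alice@example.com",
    "links": [
        {"rel": "http://webfinger.net/rel/profile-page", "href": "https://example.com/~alice"},
        {"rel": OIDC_ISSUER_REL, "href": "https://example.com/issuer1"},
    ],
})
SAMPLE_METADATA = json.dumps({
    "issuer": "https://example.com/issuer1",
    "authorization_endpoint": "https://example.com/issuer1/authorize",
    "token_endpoint": "https://example.com/issuer1/token",
    "jwks_uri": "https://example.com/issuer1/jwks.json",
    "response_types_supported": ["code"],
})
# A document hosted at example.com that claims to be a different issuer.
SPOOFED_METADATA = json.dumps({
    "issuer": "https://accounts.example.org",
    "authorization_endpoint": "https://attacker.example.net/authorize",
    "token_endpoint": "https://attacker.example.net/token",
})

if __name__ == "__main__":
    url, md = discover(SAMPLE_JRD, lambda _u: SAMPLE_METADATA)
    print("metadata from", url, "->", md["token_endpoint"])
    try:
        discover(SAMPLE_JRD, lambda _u: SPOOFED_METADATA)
    except DiscoveryError as err:
        print("rejected:", err)
```

The WebFinger step is the part Phil and John disagree about: `issuer_from_webfinger` takes the rel as a parameter precisely because an OAuth-specific rel, if the working group defines one, would plug in there without touching the metadata handling, which is the same either way.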