[OAUTH-WG] OAuth 2.0 Discovery Location
Samuel Erdtman <samuel@erdtman.se> Mon, 22 February 2016 06:11 UTC
Hi,

Here come some review comments. In general I think this is a good document.

//Samuel

2. Authorization Server Metadata

token_endpoint: I would prefer if the requiredness of this parameter was put in the beginning instead of the end, as with the other parameters.

jwks_uri: I would like to change this to recommended, since this is not a parameter required by the base OAuth 2.0 framework, similar to registration_endpoint.

jwks_uri: It would be nice with a reference to the definition of jwks_uri.

jwks_uri: "When both signing and encryption keys are made available, a "use" (public key use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage". The text would be simpler if it just said that "use" was always required. It would also be one less thing to argue about when it comes to interoperability if it was always required.

response_types_supported: An example would be appreciated, and maybe a reference to the response type definition.

response_types_supported: What is the difference between response_types_supported and grant_types_supported? With a quick look they seem very similar. Could it be enough with one of them?

introspection_endpoint_auth_signing_alg_values_supported, revocation_endpoint_auth_signing_alg_values_supported and token_endpoint_auth_signing_alg_values_supported: It would be good with a reference to the definition of "private_key_jwt" and "client_secret_jwt".

token_endpoint_auth_methods_supported: Why not refer to the IANA registry for "OAuth Token Endpoint Authentication Methods" under [IANA.OAuth.Parameters], in the same way as with introspection_endpoint_auth_signing_alg_values_supported and revocation_endpoint_auth_signing_alg_values_supported?

3. Obtaining Authorization Server Discovery Metadata

As also mentioned by Justin, I think it is a bit confusing with the example openid-configuration as .well-known/ postfix. Could it be made clearer that it is an example, maybe by making "/.well-known/example-configuration" the primary example?

5. Compatibility Notes

"http://openid.net/specs/connect/1.0/issuer" is only used in this section, maybe it should be removed?
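As an added illustration (not part of the review or the draft), the checks below apply three of the points raised above to a constructed Authorization Server Metadata document and JWK Set: the conditional "use" rule for jwks_uri beside the reviewer's "always required" alternative, the requiredness of token_endpoint, and the relation between response_types_supported and grant_types_supported. The requiredness rules and the default for grant_types_supported are my reading of the draft, and the sample data and key material are made up.

```python
# Constructed sample metadata: token_endpoint is deliberately omitted.
SAMPLE_METADATA = {
    "issuer": "https://as.example.com",
    "authorization_endpoint": "https://as.example.com/authorize",
    "jwks_uri": "https://as.example.com/jwks.json",
    "response_types_supported": ["code", "token"],
}

# Constructed JWK Set with one signing key, one encryption key and one
# key that carries no "use" at all (fake key material).
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "kid": "sig-1", "use": "sig", "n": "fake-n", "e": "AQAB"},
    {"kty": "RSA", "kid": "enc-1", "use": "enc", "n": "fake-n", "e": "AQAB"},
    {"kty": "RSA", "kid": "legacy", "n": "fake-n", "e": "AQAB"},
]}

# response_type (authorization endpoint) -> grant_type (token endpoint) for
# the two core OAuth 2.0 flows. Grants such as client_credentials have no
# response_type, which is why the two metadata parameters are not redundant.
RESPONSE_TO_GRANT = {"code": "authorization_code", "token": "implicit"}


def jwks_use_problems(jwks, always_required=False):
    """Return kids of keys missing 'use'. With always_required=False the
    draft's conditional rule applies (only when both sig and enc keys are
    present); with True the reviewer's 'always required' variant applies."""
    keys = jwks.get("keys", [])
    uses = {k.get("use") for k in keys}
    if always_required or {"sig", "enc"} <= uses:
        return [k.get("kid", "<no kid>") for k in keys if "use" not in k]
    return []


def metadata_problems(md):
    """Assumed rules: issuer and authorization_endpoint required;
    token_endpoint required unless only the implicit grant is supported;
    grant_types_supported defaults to authorization_code + implicit."""
    problems = []
    for name in ("issuer", "authorization_endpoint"):
        if name not in md:
            problems.append(f"missing required parameter {name}")
    grants = set(md.get("grant_types_supported",
                        ["authorization_code", "implicit"]))
    if "token_endpoint" not in md and grants != {"implicit"}:
        problems.append("missing token_endpoint (required unless only implicit is supported)")
    # Every advertised response_type needs its matching grant_type advertised.
    for rt in md.get("response_types_supported", []):
        grant = RESPONSE_TO_GRANT.get(rt)
        if grant and grant not in grants:
            problems.append(f"response_type {rt} advertised without grant_type {grant}")
    return problems
```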