Re: [OAUTH-WG] OAuth Discovery

John Bradley <ve7jtb@ve7jtb.com> Thu, 26 November 2015 15:59 UTC

From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <565717A0.7080805@connect2id.com>
Date: Thu, 26 Nov 2015 12:59:30 -0300
Message-Id: <282CA912-3F1A-4E04-85A4-0834D78E9725@ve7jtb.com>
References: <BY2PR03MB4420981B312D92924AD6BFFF5050@BY2PR03MB442.namprd03.prod.outlook.com> <565717A0.7080805@connect2id.com>
To: Vladimir Dzhuvinov <vladimir@connect2id.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/cHLPxie4yaI13KSosbCiT1WzXBk>
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] OAuth Discovery

The methods could be the same, but they should probably be specified separately, e.g.

introspection_endpoint_auth_methods_supported

If we overload them we will probably regret it later.

John B.
> On Nov 26, 2015, at 11:30 AM, Vladimir Dzhuvinov <vladimir@connect2id.com> wrote:
> 
> Good work, Mike, John, Nat!
> 
> I see that the introspection and revocation endpoints are included now (they've been missing in OpenID discovery).
> 
> Regarding client authentication, would it make sense to let token_endpoint_auth_methods_supported apply to the introspection and revocation endpoints as well?
> 
> token_endpoint_auth_methods_supported
>       OPTIONAL.  JSON array containing a list of client authentication
>       methods supported by this token endpoint.  Client authentication
>       method values are used in the "token_endpoint_auth_method"
>       parameter defined in Section 2 of [RFC7591] <http://tools.ietf.org/html/rfc7591#section-2>.  If omitted, the
>       default is "client_secret_basic" -- the HTTP Basic Authentication
>       Scheme specified in Section 2.3.1 <http://tools.ietf.org/html/draft-jones-oauth-discovery-00#section-2.3.1> of OAuth 2.0 [RFC6749 <http://tools.ietf.org/html/rfc6749>].
> 
> 
> Vladimir
> 
> On 26.11.2015 01:37, Mike Jones wrote:
>> I'm pleased to announce that Nat Sakimura, John Bradley, and I have created an OAuth 2.0 Discovery specification.  This fills a hole in the current OAuth specification set that is necessary to achieve interoperability.  Indeed, the Interoperability section of OAuth 2.0 <https://tools.ietf.org/html/rfc6749#section-1.8> states:
>> 
>> In addition, this specification leaves a few required components partially or fully undefined (e.g., client registration, authorization server capabilities, endpoint discovery).  Without these components, clients must be manually and specifically configured against a specific authorization server and resource server in order to interoperate.
>> 
>> 
>> 
>> This framework was designed with the clear expectation that future work will define prescriptive profiles and extensions necessary to achieve full web-scale interoperability.
>> 
>> This specification enables discovery of both endpoint locations and authorization server capabilities.
>> 
>> This specification is based upon the already widely deployed OpenID Connect Discovery 1.0 <http://openid.net/specs/openid-connect-discovery-1_0.html> specification and is compatible with it, by design.  The OAuth Discovery spec removes the portions of OpenID Connect Discovery that are OpenID specific and adds metadata values for Revocation and Introspection endpoints.  It also maps OpenID concepts, such as OpenID Provider, Relying Party, End-User, and Issuer to their OAuth underpinnings, respectively Authorization Server, Client, Resource Owner, and the newly introduced Configuration Information Location.  Some identifiers with names that appear to be OpenID specific were retained for compatibility purposes; despite the reuse of these identifiers that appear to be OpenID specific, their usage in this specification is actually referring to general OAuth 2.0 features that are not specific to OpenID Connect.
>> 
>> The specification is available at:
>> 
>> *         http://tools.ietf.org/html/draft-jones-oauth-discovery-00
>> 
>> An HTML-formatted version is also available at:
>> 
>> *         http://self-issued.info/docs/draft-jones-oauth-discovery-00.html
>> 
>>                                                                 -- Mike
>> 
>> P.S.  This note was also posted at http://self-issued.info/?p=1496 and as @selfissued <https://twitter.com/selfissued>.
>> 
>> 
>> 
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
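To make the point of the reply concrete, here is an added example of how a client would consume the metadata if each endpoint carries its own auth-methods key. This is not code from draft-jones-oauth-discovery-00 or from any of the posters. It assumes the separate keys the reply argues for (introspection_endpoint_auth_methods_supported and revocation_endpoint_auth_methods_supported; the quoted draft text only defines token_endpoint_auth_methods_supported), and it further assumes that the token endpoint's documented default of "client_secret_basic" also applies to those endpoints when their key is omitted. The metadata document, the issuer and the endpoint URLs are constructed for the example; the https requirement on endpoints is a hardening check chosen here, not something the quoted text states.

```python
"""Choose a client authentication method per endpoint from OAuth discovery metadata.

Added example for this thread; not code from draft-jones-oauth-discovery or
from any of the posters. It assumes the separate per-endpoint keys the reply
argues for (introspection_endpoint_auth_methods_supported and
revocation_endpoint_auth_methods_supported) and, as a further assumption,
applies the token endpoint's documented default of "client_secret_basic" to
those endpoints too when their key is omitted.
"""
import base64
import json
from urllib.parse import quote, urlparse

# Endpoints that take client authentication and that the thread discusses.
ENDPOINTS = ("token", "introspection", "revocation")

# Default named in the quoted token_endpoint_auth_methods_supported definition.
DEFAULT_METHOD = "client_secret_basic"

# Constructed sample metadata (not from any real server). The token endpoint
# advertises private_key_jwt, the introspection endpoint only
# client_secret_basic, and the revocation endpoint advertises nothing, so a
# client that reused the token endpoint's list for introspection would pick
# a method the introspection endpoint does not accept.
SAMPLE_METADATA = json.dumps({
    "issuer": "https://as.example.com",
    "authorization_endpoint": "https://as.example.com/authorize",
    "token_endpoint": "https://as.example.com/token",
    "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic"],
    "introspection_endpoint": "https://as.example.com/introspect",
    "introspection_endpoint_auth_methods_supported": ["client_secret_basic"],
    "revocation_endpoint": "https://as.example.com/revoke",
})


def load_metadata(doc: str) -> dict:
    """Parse the metadata JSON and reject advertised endpoints that are not https.

    Requiring https on every endpoint is a hardening check chosen for this
    example; the draft text quoted above does not state it.
    """
    md = json.loads(doc)
    if not isinstance(md.get("issuer"), str):
        raise ValueError("metadata has no string issuer")
    for ep in ENDPOINTS:
        url = md.get(f"{ep}_endpoint")
        if url is not None and urlparse(url).scheme != "https":
            raise ValueError(f"{ep}_endpoint is not https: {url}")
    return md


def auth_methods_for(md: dict, endpoint: str) -> list:
    """Return the auth methods advertised for one endpoint under its own key.

    The token endpoint's list is deliberately never reused for introspection
    or revocation: each endpoint is looked up separately, and the default is
    applied only when that endpoint's own key is absent.
    """
    if endpoint not in ENDPOINTS:
        raise ValueError(f"unknown endpoint {endpoint!r}")
    if f"{endpoint}_endpoint" not in md:
        raise ValueError(f"{endpoint}_endpoint is not advertised")
    key = f"{endpoint}_endpoint_auth_methods_supported"
    methods = md.get(key, [DEFAULT_METHOD])
    if not isinstance(methods, list) or not all(isinstance(m, str) for m in methods):
        raise ValueError(f"{key} must be a JSON array of strings")
    return methods


def select_auth_method(md: dict, endpoint: str, client_methods: list) -> str:
    """Pick the first method the client can perform (in its preference order)
    that the server advertises for this endpoint; fail closed otherwise."""
    advertised = auth_methods_for(md, endpoint)
    for method in client_methods:
        if method in advertised:
            return method
    raise ValueError(
        f"no mutually supported client auth method for the {endpoint} endpoint: "
        f"server {advertised}, client {client_methods}"
    )


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Build the client_secret_basic Authorization header value.

    RFC 6749 section 2.3.1 form-urlencodes client_id and client_secret before
    joining them with ':' and base64-encoding; skipping that step breaks
    secrets that contain ':' or non-ASCII characters.
    """
    creds = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(creds.encode("ascii")).decode("ascii")


if __name__ == "__main__":
    md = load_metadata(SAMPLE_METADATA)
    confidential = ["private_key_jwt", "client_secret_basic", "client_secret_post"]
    for ep in ENDPOINTS:
        print(f"{ep:14s} -> {select_auth_method(md, ep, confidential)}")
    # The RFC 6749 example credentials yield the header value shown in that section.
    print(basic_auth_header("s6BhdRkqt3", "gX1fBat3bV"))
```

With the constructed metadata a confidential client ends up using private_key_jwt at the token endpoint but client_secret_basic at the introspection endpoint, and falls back to the default at the revocation endpoint because no key is advertised for it. A client that reused token_endpoint_auth_methods_supported for all three would have sent private_key_jwt to an introspection endpoint that only lists client_secret_basic; keeping the keys separate is what lets the client select per endpoint without guessing.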