Re: [OAUTH-WG] Working Group Last Call on OAuth 2.0 Discovery

Samuel Erdtman <samuel@erdtman.se> Thu, 10 March 2016 11:54 UTC

Date: Thu, 10 Mar 2016 12:54:26 +0100
Message-ID: <CAF2hCbayHYPueFbgKZaVMNsK25jHPFXV+4B659s3KvRmgxJXGQ@mail.gmail.com>
From: Samuel Erdtman <samuel@erdtman.se>
To: Mike Jones <Michael.Jones@microsoft.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/dX62X_xcDGQ6AYYYYMeiSkV-DOM>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Working Group Last Call on OAuth 2.0 Discovery

Thanks Mike!

Then let's take it to the next level :)

//Samuel

On Thu, Mar 10, 2016 at 12:33 PM, Mike Jones <Michael.Jones@microsoft.com>
wrote:

> Thanks for your comments, Samuel.  Yes, you’re right that jwks_uri should
> be OPTIONAL, since not all use cases need keys.  Likewise,
> registration_endpoint should be OPTIONAL, rather than RECOMMENDED.
>
>
>
> The grant_type values are defined in OAuth Dynamic Client Registration
> [RFC 7591] and are identifiers for the grant type concept defined in RFC
> 6749.  They identify the grant types that can be used at the Token
> Endpoint.  The response_type concept is defined in RFC 6749, and identifies
> a response syntax from the authorization endpoint.  We can say more to
> differentiate these in the next draft.
>
>
>
> BTW, lest it be in doubt, I support this draft moving forward, with the
> name changed to “OAuth 2.0 Authorization Server Discovery” or “OAuth 2.0
> Authorization Server Discovery Metadata” – as discussed in the thread
> “OAuth 2.0 Discovery Location”.  I’m also open to introducing the “/.well-known/oauth-authorization-server”
> identifier, as discussed in that thread.
>
>
>
>                                                           -- Mike
>
>
>
> *From:* OAuth [mailto:oauth-bounces@ietf.org] *On Behalf Of *Samuel
> Erdtman
> *Sent:* Wednesday, March 9, 2016 11:28 PM
> *To:* Hannes Tschofenig <hannes.tschofenig@gmx.net>
> *Cc:* oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] Working Group Last Call on OAuth 2.0 Discovery
>
>
>
> Hi,
>
>
>
> I sent a few comments two weeks ago that have not been explicitly commented
> on. (I might have sent them in the wrong way, if so sorry about that)
>
>
>
> https://mailarchive.ietf.org/arch/msg/oauth/Z0LCBuvFDCQTd4xfwoddlbC2P7w
>
>
>
> Most of the comments are minor but I would like to see
>
> jwks_uri to be changed from REQUIRED to OPTIONAL or RECOMMENDED
>
> and at least get a comment on the difference
> between response_types_supported and grant_types_supported
>
>
>
> Best regards
>
> //Samuel
>
>
> On Thu, Feb 18, 2016 at 2:40 PM, Hannes Tschofenig <
> hannes.tschofenig@gmx.net> wrote:
>
> Hi all,
>
> This is a Last Call for comments on the OAuth 2.0 Discovery specification:
> https://tools.ietf.org/html/draft-ietf-oauth-discovery-01
>
> Since this document was only adopted recently we are running this last
> call for **3 weeks**.
>
> Please have your comments in no later than March 10th.
>
> Ciao
> Hannes & Derek
>
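
The distinction drawn in the quoted reply (grant types are used at the token endpoint, response types at the authorization endpoint, and jwks_uri and registration_endpoint are OPTIONAL) can be checked mechanically. The following Python sketch is an added example, not part of the thread or of the draft; the function names, the https-only rule and the sample documents are assumptions made here, and the code/authorization_code and token/implicit pairing is the one listed in RFC 7591.

```python
from urllib.parse import urlsplit

# Pairing from RFC 7591: response_type component seen at the authorization
# endpoint -> grant type it implies at the token endpoint.
RESPONSE_TO_GRANT = {"code": "authorization_code", "token": "implicit"}
# Per the thread these members are OPTIONAL: validated only when present.
OPTIONAL_URLS = ("jwks_uri", "registration_endpoint")
# Default when grant_types_supported is omitted (as in RFC 8414).
DEFAULT_GRANTS = ["authorization_code", "implicit"]

def is_https_url(value):
    parts = urlsplit(value) if isinstance(value, str) else None
    return bool(parts and parts.scheme == "https" and parts.netloc)

def check_metadata(meta):
    """Return a list of findings; an empty list means the document is consistent."""
    findings = []
    response_types = meta.get("response_types_supported", [])
    grants = meta.get("grant_types_supported", DEFAULT_GRANTS)
    for name in OPTIONAL_URLS:
        if name in meta and not is_https_url(meta[name]):
            findings.append(f"{name}: present but not an https URL")
    # A response_type may combine components, e.g. "code token".
    for rt in response_types:
        for part in rt.split():
            grant = RESPONSE_TO_GRANT.get(part)
            if grant and grant not in grants:
                findings.append(f"response_type '{rt}' needs grant_type '{grant}'")
    has_code = any("code" in rt.split() for rt in response_types)
    if "authorization_code" in grants and not has_code:
        findings.append("grant_type 'authorization_code' needs a 'code' response_type")
    # Every grant except implicit is exercised at the token endpoint.
    if any(g != "implicit" for g in grants) and not is_https_url(meta.get("token_endpoint")):
        findings.append("token_endpoint: required by the advertised grant types")
    if response_types and not is_https_url(meta.get("authorization_endpoint")):
        findings.append("authorization_endpoint: required by the advertised response types")
    return findings

# Constructed sample documents; as.example is a placeholder host.
CLIENT_CREDS_ONLY = {  # no keys, no registration, no authorization endpoint
    "issuer": "https://as.example",
    "token_endpoint": "https://as.example/token",
    "grant_types_supported": ["client_credentials"],
}
MISMATCHED = {  # advertises "code token" without the implicit grant
    "issuer": "https://as.example",
    "authorization_endpoint": "https://as.example/authorize",
    "token_endpoint": "https://as.example/token",
    "jwks_uri": "http://as.example/jwks",
    "response_types_supported": ["code", "code token"],
    "grant_types_supported": ["authorization_code"],
}
```

`check_metadata(CLIENT_CREDS_ONLY)` returns no findings even though the document has no jwks_uri, which is the use case the OPTIONAL change is meant to allow.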