Re: [OAUTH-WG] Working Group Last Call on OAuth 2.0 Discovery

Thomas Broyer <t.broyer@gmail.com> Thu, 10 March 2016 11:51 UTC

I agree with Samuel's comments wrt jwks_uri and registration_endpoint; and
support the name change to “OAuth 2.0 Authorization Server Discovery
Metadata” (or possibly “OAuth 2.0 Authorization Server Discovery”; but I'd
rather narrow down the scope to only talk about metadata, without discovery
mechanism of that metadata; I won't fight for that though, it's just a
preference, not a strong opinion)

On Thu, Mar 10, 2016 at 12:33 PM Mike Jones <Michael.Jones@microsoft.com>
wrote:

> Thanks for your comments, Samuel.  Yes, you’re right that jwks_uri should
> be OPTIONAL, since not all use cases need keys.  Likewise,
> registration_endpoint should be OPTIONAL, rather than RECOMMENDED.
>
>
>
> The grant_type values are defined in OAuth Dynamic Client Registration
> [RFC 7591] and are identifiers for the grant type concept defined in RFC
> 6749.  They identify the grant types that can be used at the Token
> Endpoint.  The response_type concept is defined in RFC 6749, and identifies
> a response syntax from the authorization endpoint.  We can say more to
> differentiate these in the next draft.
>
>
>
> BTW, lest it be in doubt, I support this draft moving forward, with the
> name changed to “OAuth 2.0 Authorization Server Discovery” or “OAuth 2.0
> Authorization Server Discovery Metadata” – as discussed in the thread
> “OAuth 2.0 Discovery Location”.  I’m also open to introducing the “/.well-known/oauth-authorization-server”
> identifier, as discussed in that thread.
>
>
>
>                                                           -- Mike
>
>
>
> *From:* OAuth [mailto:oauth-bounces@ietf.org] *On Behalf Of *Samuel
> Erdtman
> *Sent:* Wednesday, March 9, 2016 11:28 PM
> *To:* Hannes Tschofenig <hannes.tschofenig@gmx.net>
> *Cc:* oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] Working Group Last Call on OAuth 2.0 Discovery
>
>
>
> Hi,
>
>
>
> I sent a few comments two weeks ago that have not been explicitly commented
> on. (I might have sent them in the wrong way, if so sorry about that)
>
>
>
> https://mailarchive.ietf.org/arch/msg/oauth/Z0LCBuvFDCQTd4xfwoddlbC2P7w
>
>
>
> Most of the comments are minor but I would like to see
>
> jwks_uri to be changed from REQUIRED to OPTIONAL or RECOMMENDED
>
> and at least get a comment of the difference
> between response_types_supported and grant_types_supported
>
>
>
> Best regards
>
> //Samuel
>
>
>
>
>
>
>
>
>
> On Thu, Feb 18, 2016 at 2:40 PM, Hannes Tschofenig <
> hannes.tschofenig@gmx.net> wrote:
>
> Hi all,
>
> This is a Last Call for comments on the OAuth 2.0 Discovery specification:
> https://tools.ietf.org/html/draft-ietf-oauth-discovery-01
>
> Since this document was only adopted recently we are running this last
> call for **3 weeks**.
>
> Please have your comments in no later than March 10th.
>
> Ciao
> Hannes & Derek
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
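
An added example, not part of the original messages or of the draft: a consistency check over an authorization server metadata document that treats jwks_uri and registration_endpoint as OPTIONAL and cross-checks response_types_supported (authorization endpoint) against grant_types_supported (token endpoint). The function name, the https requirement and the sample documents are assumptions of this example; the code/authorization_code and token/implicit pairing follows the table in RFC 7591 section 2.1.

```python
# Added example; the metadata documents below are constructed samples.

# response_type values (authorization endpoint) and the grant_type each one
# relies on at the token endpoint, per the table in RFC 7591 section 2.1.
NEEDS_GRANT = {"code": "authorization_code", "token": "implicit"}

# Members the thread agrees should be OPTIONAL.
OPTIONAL_URLS = ("jwks_uri", "registration_endpoint")


def check_metadata(md):
    """Return a list of findings for one authorization server metadata dict."""
    findings = []
    for name in OPTIONAL_URLS:
        value = md.get(name)
        if value is None:
            continue  # OPTIONAL: absence is not a finding
        # Assumption of this example: a published endpoint must be https.
        if not isinstance(value, str) or not value.startswith("https://"):
            findings.append(f"{name}: expected an https URL, got {value!r}")

    response_types = md.get("response_types_supported", [])
    grant_types = md.get("grant_types_supported")
    if grant_types is None:
        return findings  # nothing to cross-check against (example's choice)

    # A response type may combine several values, e.g. "code token".
    used = {part for rt in response_types for part in rt.split()}
    for part in sorted(used):
        grant = NEEDS_GRANT.get(part)
        if grant and grant not in grant_types:
            findings.append(f"response type {part!r} needs grant type {grant!r}")
    for part, grant in NEEDS_GRANT.items():
        if grant in grant_types and part not in used:
            findings.append(f"grant type {grant!r} has no {part!r} response type")
    return findings


CONSISTENT = {  # no jwks_uri, no registration_endpoint: still valid
    "response_types_supported": ["code"],
    "grant_types_supported": ["authorization_code", "client_credentials", "refresh_token"],
}
INCONSISTENT = {  # advertises "token" without the implicit grant
    "jwks_uri": "http://as.example/jwks",
    "response_types_supported": ["code", "token"],
    "grant_types_supported": ["authorization_code"],
}
```

Grant types such as client_credentials and refresh_token have no matching response type, which is why the check only pairs the two values that involve the authorization endpoint.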