Return-Path: <panva.ip@gmail.com>
X-Original-To: oauth@mail2.ietf.org
Delivered-To: oauth@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1])
	by mail2.ietf.org (Postfix) with ESMTP id C9669F039BE4
	for <oauth@mail2.ietf.org>; Mon, 18 May 2026 09:58:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1;
	t=1779123493; bh=u6YSUQv0jkcVo+EWookUvC1btUKBmKyXNPbCQsU3/VA=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc;
	b=dKIPNBDoRDPH/TnXTWPk5vJa3Rwb81+7Wiv85XRVCsSL1OufNdTe4WXloe/HXmVAC
	 1FNKpzcL87PCRCe2nmaf9pIDSiAaQAUf4yWEnnveBOku8KlXdK4zVX1/Lum7GHOG6A
	 W1ntpm05NkiOGeF1zwY/xlstH/S99UOLD+4bU7r8=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level: 
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5
	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
	HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
	SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key)
	header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31])
	by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id zICcHU-H_vay for <oauth@mail2.ietf.org>;
	Mon, 18 May 2026 09:58:13 -0700 (PDT)
Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com
 [IPv6:2a00:1450:4864:20::32b])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256)
	(No client certificate requested)
	by mail2.ietf.org (Postfix) with ESMTPS id 47A4EF039BDA
	for <oauth@ietf.org>; Mon, 18 May 2026 09:58:13 -0700 (PDT)
Received: by mail-wm1-x32b.google.com with SMTP id
 5b1f17b1804b1-48fe26a177cso18253525e9.1
        for <oauth@ietf.org>; Mon, 18 May 2026 09:58:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1779123492; cv=none;
        d=google.com; s=arc-20240605;
        b=fBUlo2ceLAcFf51kI/sr/RSFyFHuJEfcqZFmwiIfHFVZsOyRF/IapuDckhtX3lQYQa
         L0ZWwlO+Urh8mAt4T+5yMowzRoiYbyqIl65hPu7mHC8dl7SOWpJ8SC/126YNXNB/VzFn
         OcW9mYQfv/WdXmNARVxZCbMSEhfllRknHuQb86YfhKnPdldndrcpvVapMu54txEj2Jxq
         WbD2q9I7svWlTf3o0IaxmBszcrftRsYGV8MqymU7mUgnW1fzYVmMyM5eMqJj8wxWqSjQ
         iPw47GRMXYBGguj7emtrkqKaAsjY9nh23wdz/+6tA6lXn6+32mZ3woCyv4Rf+/F1ML8U
         hpjw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:dkim-signature;
        bh=LZLEDEKoYf1PR5l2njczDDbVjCUUku/wDqo5mb7v5aw=;
        fh=cglHmHKBAm/Lz2/oo9a9aFpta2Tr7RGoLYz8pzBQh3A=;
        b=cZAgRQOb6VyQGtz26tmRTAiCBpxRVVWloOGRG76JVvBASZCBDG1HfC3K/9AWoKYge5
         5YyrczlV+yCzHIy2iozHJS0rdFqW81jH3fAQaUULxaQoFooDBA/veclYCQuzKWHXe38U
         YnyoDS1pt5vnnV+TbPI/6aFXUAGHxjU0JJoAyfV+ZxoRzWzjNu8NHmgmkpSfDxxPRecc
         xWbtKbMc7RwBEYRi+ofCBDKmC5VrCJlme17MPaEwcZlhc3cvRLotjWco+uB+R/CPC3X3
         ol7d4yU+7Xjk33NpCI/dRJ9G3xmoMwnWM8MJuT+GEgDwFBa7ZZIqrgnHAlgHoLN8xI40
         AoXg==;
        darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1779123492; x=1779728292; darn=ietf.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=LZLEDEKoYf1PR5l2njczDDbVjCUUku/wDqo5mb7v5aw=;
        b=HDQRCv26E4zrfVtdc5E3QtnUikADnvJuY03p/w8IfZvB10edEmiq267faS6imIxnEB
         w8xlJGKf0pKRlGVw4tsqcQjTYzh1dN+ICbAPQD2p0QFV4e+khKC56lFHUYIMnNjR4r1z
         gapm2pN8vzho2eD6vev3W7Ho+B47w2QIc6k9mMjfK1omNCeA0QqgYXMrWK0rarWuSn5w
         RbvimoOl2tbbAL8Xcopr/7QNqyFtWpb5cbcomvsyV6EvQXe626sht5oPa+LRnvUM8S5i
         RNf+f4a7ut83yTormP48DURajBCVfdzJ1YxwkejocQRPia06Cog0glgDxLmkV0Y+hRF5
         jwhQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779123492; x=1779728292;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=LZLEDEKoYf1PR5l2njczDDbVjCUUku/wDqo5mb7v5aw=;
        b=hLctJSI1/ygNHsrnIoayJI9k+XmcbYBfJ1elKbf32fuXX4LFwqujnOz6xaElrV6xZS
         pQUPpwBJNpymcd7wAttiipf2L6pVBLILqik77UVvtWLiZWFn72ysTiG9Hc2iW+AP4SRy
         4NTDvTIBekoLbQbh0fQbDxfotOfn+8HHrwB3N7DzhWiIpYaWiOPsTa5CZIYK/PPck+I9
         dk9TBmeAH3JfLIVRlBvIQX0wbzp0W69QkQrSAwZcOhYNNMFKjT0jUAjvnfXKSFI/EmNR
         FnZXMxqnV1LVR522RkZFAx5yMIQRFg+6nfLr5mcLw5waQErN7dEV+B7477WlJWZOemtP
         R4eg==
X-Gm-Message-State: AOJu0YxgJlJbFEGlxVM8mB0koK1cuoWf9CM3H1UOkVDf1UsuBmS9t+Jq
	fmPdSaN7XwWD3A4C6YoP3f2Ato/38AeaZwTl9N5fodLnhhNVse0lYOn5Fa7gsDNv67efv/PRtwl
	1NsUZw3UcN1TFR83FrgIVbEgVZSjwDZ2BWJc=
X-Gm-Gg: Acq92OE1U42D4uJay0rZAz5V613cd9lozH7DrR8howvy4nCkzxun+m2gDJ2VjBgQM7a
	xhED4ObAAuIYE0vo2xjK4E8tXv+ywODc493mAV8CZwI2jI9Pti/qg0Pl48OKAVgoMQIGsUu9V2w
	S+HbqCVUWQerB96dLIYjHk7hf+RhMS0CfvC+U72M/ErL8OF5p0tEBNEKNHORZvr96Zq6iQknGPY
	9lFP5GqrrvjKnxC4OlTadZtfi8bzhicKzBvKLXQdWTFElaVp9qvU8WQZk7ciFQ0AZAoxaZdFesq
	SZI2VlMp3mxU0W0=
X-Received: by 2002:a05:600c:6992:b0:48e:6f39:f7be with SMTP id
 5b1f17b1804b1-48fe60ea533mr235297125e9.10.1779123491880; Mon, 18 May 2026
 09:58:11 -0700 (PDT)
MIME-Version: 1.0
References: 
 <CALZ8nCuvyBB7XuRUJO0EqNxXReiaRGe69d0niTGndyvUO6PZMQ@mail.gmail.com>
In-Reply-To: 
 <CALZ8nCuvyBB7XuRUJO0EqNxXReiaRGe69d0niTGndyvUO6PZMQ@mail.gmail.com>
From: Filip Skokan <panva.ip@gmail.com>
Date: Mon, 18 May 2026 18:57:34 +0200
X-Gm-Features: AVHnY4JJDtN2y2LCTnVoS-8Uj4cEnNrk8PR3x-NSPVio7dj4y9hoT1VQfXcP_zE
Message-ID: 
 <CALAqi_-CVzF2Q+z_Xvr1ShF_mA4wnXskXHX88GaZOdNZ+HK2Dg@mail.gmail.com>
To: Nick Watson <nwatson=40google.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="000000000000bec4a206521a7743"
Message-ID-Hash: REWGDAEINFUVOUSH6RUWS5Y6G2AO334Y
X-Message-ID-Hash: REWGDAEINFUVOUSH6RUWS5Y6G2AO334Y
X-MailFrom: panva.ip@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-oauth.ietf.org-0;
 nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size;
 news-moderation; no-subject; digests; suspicious-header
CC: OAuth WG <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: =?utf-8?q?=5BOAUTH-WG=5D_Re=3A_AS_Metadata_client_id_parameter_draft?=
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: 
 <https://mailarchive.ietf.org/arch/msg/oauth/edf4CnACF1s8we6LcKpamwsUqAc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

--000000000000bec4a206521a7743
Content-Type: text/plain; charset="UTF-8"

Hello Nick,

Let me know what you all think.


Back at IETF 121 I presented this related/similar idea:

   - https://youtu.be/_kNpecjcj64?t=6354
   -
   https://datatracker.ietf.org/meeting/121/materials/slides-121-oauth-sessa-client-id-hint-for-authorization-server-metadata-requests-00

I haven't had a chance to follow up on it since

S pozdravem,
*Filip Skokan*


On Mon, 18 May 2026 at 17:09, Nick Watson <nwatson=
40google.com@dmarc.ietf.org> wrote:

>
> https://njwatson32.github.io/as-metadata-client-id/draft-watson-oauth-as-metadata-client-id.html
>
> I've written up a quick draft on supporting a client_id parameter on AS
> Metadata, which would allow the AS to (1) do gradual rollouts of AS
> metadata changes client by client and (2) customize metadata if necessary
> (e.g. for clients participating in beta programs of upcoming drafts).
>
> AS can also choose to ignore the client_id parameter completely and
> continue serving a statically cached global AS metadata file.
>
> I had this idea recently when implementing support for 9207 (iss
> parameter) and running into poorly behaved clients handling these updates
> badly. The draft I'm proposing would have allowed me to avoid making global
> changes to AS metadata, and even do a synchronized rollout of returning
> `iss` from the authorization endpoint and
> declaring authorization_response_iss_parameter_supported.
>
> Let me know what you all think.
>
> Nick
>
> PS: I've also proposed the "reverse" of this for CIMD in this issue
> <https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/78>
> .
>
> --
> Nick Watson | Software Engineer | nwatson@google.com | (781) 608-3352
> _______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-leave@ietf.org
>

--000000000000bec4a206521a7743
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Hello Nick,</div><div><br></div><div><blockquote clas=
s=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid r=
gb(204,204,204);padding-left:1ex">Let me know what you all think.</blockquo=
te></div><div><br></div><div>Back at IETF 121 I presented this related/simi=
lar idea:</div><div><ul><li><a href=3D"https://youtu.be/_kNpecjcj64?t=3D635=
4">https://youtu.be/_kNpecjcj64?t=3D6354</a></li><li><a href=3D"https://dat=
atracker.ietf.org/meeting/121/materials/slides-121-oauth-sessa-client-id-hi=
nt-for-authorization-server-metadata-requests-00">https://datatracker.ietf.=
org/meeting/121/materials/slides-121-oauth-sessa-client-id-hint-for-authori=
zation-server-metadata-requests-00</a></li></ul><div>I haven&#39;t had a ch=
ance to follow up on it since</div></div><div><br></div><div><div dir=3D"lt=
r" class=3D"gmail_signature" data-smartmail=3D"gmail_signature">S pozdravem=
,<br><b>Filip Skokan</b></div></div><br></div><br><div class=3D"gmail_quote=
 gmail_quote_container"><div dir=3D"ltr" class=3D"gmail_attr">On Mon, 18 Ma=
y 2026 at 17:09, Nick Watson &lt;nwatson=3D<a href=3D"mailto:40google.com@d=
marc.ietf.org">40google.com@dmarc.ietf.org</a>&gt; wrote:<br></div><blockqu=
ote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px=
 solid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div><a href=3D"=
https://njwatson32.github.io/as-metadata-client-id/draft-watson-oauth-as-me=
tadata-client-id.html" target=3D"_blank">https://njwatson32.github.io/as-me=
tadata-client-id/draft-watson-oauth-as-metadata-client-id.html</a></div><di=
v><br></div><div>I&#39;ve written up a quick draft on supporting a client_i=
d parameter on AS Metadata, which would allow the AS to (1) do gradual roll=
outs of AS metadata changes client by client and (2) customize metadata=C2=
=A0if necessary (e.g. for clients participating in beta programs of upcomin=
g drafts).</div><div><br></div><div>AS can also choose to ignore the client=
_id parameter completely and continue serving a statically cached global AS=
 metadata=C2=A0file.</div><div><br></div><div>I had this idea recently when=
 implementing support for 9207 (iss parameter) and running into poorly beha=
ved clients handling these updates badly. The draft I&#39;m proposing would=
 have allowed me to avoid making global changes to AS metadata, and even do=
 a synchronized rollout of returning `iss` from the authorization endpoint =
and declaring=C2=A0authorization_response_iss_parameter_supported.</div><di=
v><br></div><div>Let me know what you all think.</div><div><br></div><div>N=
ick</div><div><br></div><div>PS: I&#39;ve also proposed the &quot;reverse&q=
uot; of this for CIMD in this <a href=3D"https://github.com/oauth-wg/draft-=
ietf-oauth-client-id-metadata-document/issues/78" target=3D"_blank">issue</=
a>.</div><div><br></div><span class=3D"gmail_signature_prefix">-- </span><b=
r><div dir=3D"ltr" class=3D"gmail_signature"><div dir=3D"ltr"><div style=3D=
"line-height:1.5em;padding-top:10px;margin-top:10px;color:rgb(85,85,85);fon=
t-family:sans-serif;font-size:small"><span style=3D"border-width:2px 0px 0p=
x;border-style:solid;border-color:rgb(213,15,37);padding-top:2px;margin-top=
:2px">Nick Watson=C2=A0|</span><span style=3D"border-width:2px 0px 0px;bord=
er-style:solid;border-color:rgb(51,105,232);padding-top:2px;margin-top:2px"=
>=C2=A0Software Engineer |</span><span style=3D"border-width:2px 0px 0px;bo=
rder-style:solid;border-color:rgb(0,153,57);padding-top:2px;margin-top:2px"=
>=C2=A0<a href=3D"mailto:nwatson@google.com" target=3D"_blank">nwatson@goog=
le.com</a>=C2=A0|</span><span style=3D"border-width:2px 0px 0px;border-styl=
e:solid;border-color:rgb(238,178,17);padding-top:2px;margin-top:2px">=C2=A0=
(781) 608-3352</span></div></div></div></div>
_______________________________________________<br>
OAuth mailing list -- <a href=3D"mailto:oauth@ietf.org" target=3D"_blank">o=
auth@ietf.org</a><br>
To unsubscribe send an email to <a href=3D"mailto:oauth-leave@ietf.org" tar=
get=3D"_blank">oauth-leave@ietf.org</a><br>
</blockquote></div>

--000000000000bec4a206521a7743--

