Re: [OAUTH-WG] OAuth 2.0 Discovery Location
Brian Campbell <bcampbell@pingidentity.com> Mon, 29 February 2016 22:35 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0CB81B3E29 for <oauth@ietfa.amsl.com>; Mon, 29 Feb 2016 14:35:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Level:
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rraEDG8vh92E for <oauth@ietfa.amsl.com>; Mon, 29 Feb 2016 14:35:30 -0800 (PST)
Received: from mail-ig0-x233.google.com (mail-ig0-x233.google.com [IPv6:2607:f8b0:4001:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22F551B3E3B for <oauth@ietf.org>; Mon, 29 Feb 2016 14:35:30 -0800 (PST)
Received: by mail-ig0-x233.google.com with SMTP id z8so5728281ige.0 for <oauth@ietf.org>; Mon, 29 Feb 2016 14:35:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=R34A6B+FA7iGDM1AYd2XjGLIfaKUrUzsyO6KQZFnLjU=; b=CO7nFeV7pA04HO6HPEztwE+c17/wNd1Pm81p93mO5vUhN+jCiWv7Fnhl8gWYlpfa8x LeV2QNcCLWaBwCELxuUTNEs0cxO6SmkRf5ua6BAafclI1YJzonww9hhJ5rxuVVw7jrFV wi9mcP28iX+JaYGCx8AJ66nai462rGV9D/9dg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=R34A6B+FA7iGDM1AYd2XjGLIfaKUrUzsyO6KQZFnLjU=; b=SNbJmebYhnS1v8493RcOSiUW4jgAb2+i9KoH7yJYOlL69cHIUg1qwNwbn1eOnTAOgp bTJhv8zP822A6QKkVQyXb7lyZeTM/LoHGmqwZjnzPd0nYqdWrs/RYBdSXeF+fxPUGckp EGQ4wj2ceIXuiW0wHAj+p4lThotgnuRE7s7PxZAPK/t7QXkk31C8ebtwA4ZYORdhjGuE 1jkQbgC/6vwupxXgmRwcqM+t/9NTzuNcM/EP7gTlHgbktDUqPvhKJIIyszKQjIvk5qAp v+e1JzTNHm/WAMD4nHFXWLMgmP25u691om3wI2C/dA9iMAvGeGF5TGuQG4qOqVbrqEVK 8Tog==
X-Gm-Message-State: AD7BkJKykT19P3sHYZGRpJd7KpHnYy3JO2g56yN0saK8vO4uArfEBD4VLfRSS2YaeOGWiH3i91TLcQNFBm+pr/vz
X-Received: by 10.50.85.14 with SMTP id d14mr324382igz.49.1456785329407; Mon, 29 Feb 2016 14:35:29 -0800 (PST)
MIME-Version: 1.0
Received: by 10.64.28.196 with HTTP; Mon, 29 Feb 2016 14:34:59 -0800 (PST)
In-Reply-To: <BY2PR03MB442FFEDAA5B8ED7A8FAAD9BF5B80@BY2PR03MB442.namprd03.prod.outlook.com>
References: <E3BDAD5F-6DE2-4FB9-AEC0-4EE2D2BF8AC8@mit.edu> <BY2PR03MB44220A3CDA0552D439C9A2AF5A50@BY2PR03MB442.namprd03.prod.outlook.com> <BN3PR0301MB1234658E888AC37750E18D4EA6A50@BN3PR0301MB1234.namprd03.prod.outlook.com> <BY2PR03MB44295F4948FB3ABEAFBA3D8F5A50@BY2PR03MB442.namprd03.prod.outlook.com> <BN3PR0301MB123439E7F8083A5C557EED28A6A50@BN3PR0301MB1234.namprd03.prod.outlook.com> <4724BFD4-B761-40DC-9535-A0968DEAFD66@oracle.com> <BY2PR03MB442E135F59374B40084665EF5A50@BY2PR03MB442.namprd03.prod.outlook.com> <17E6C845-D633-45F6-A123-515437583F02@oracle.com> <BY2PR03MB442BA8094FF4718BCA93112F5A50@BY2PR03MB442.namprd03.prod.outlook.com> <BY2PR03MB442C4E813E7ADFED795526BF5A50@BY2PR03MB442.namprd03.prod.outlook.com> <53B19A70-3F17-423F-AE5E-DC6181B8FED7@oracle.com> <BY2PR03MB442847F4E292B4AA0498F52F5A60@BY2PR03MB442.namprd03.prod.outlook.com> <E7CF381C-5780-415C-8182-714B43F149CA@oracle.com> <56CEC24C.8040709@connect2id.com> <BY2PR03MB4425461F4C68FAAABC422BDF5A60@BY2PR03MB442.namprd03.prod.outlook.com> <CAF2hCbaowJs+aBU_RrQVj3R6RGX89nsUqinSgAevQeu2+=PS1A@mail.gmail.com> <BY2PR03MB442FFEDAA5B8ED7A8FAAD9BF5B80@BY2PR03MB442.namprd03.prod.outlook.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 29 Feb 2016 15:34:59 -0700
Message-ID: <CA+k3eCTg_ztKj4z7y3JpUMF6Mt9PQdHjUw1J0_Rg4tVS=dsP6A@mail.gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary="089e013c710013060a052cf04421"
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/f6Z-1Oz3PzidpQDcmNlbyGKGCho>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth 2.0 Discovery Location
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Feb 2016 22:35:32 -0000
+1 for "OAuth 2.0 Authorization Server Discovery” from those two options. But what about "OAuth 2.0 Authorization Server Metadata”? The document in its current scope (which I agree with, BTW) isn't really about discovery so much as about describing the metadata at some well-known(ish) resource. On Sat, Feb 27, 2016 at 10:48 AM, Mike Jones <Michael.Jones@microsoft.com> wrote: > It’s clear that people want us to move to the name “OAuth 2.0 > Authorization Server Discovery”. The editors will plan to make that > change in the draft addressing Working Group Last Call comments. > > > > Thanks all, > > -- Mike > > > > *From:* Samuel Erdtman [mailto:samuel@erdtman.se] > *Sent:* Saturday, February 27, 2016 6:47 AM > *To:* Mike Jones <Michael.Jones@microsoft.com> > *Cc:* Vladimir Dzhuvinov <vladimir@connect2id.com>; oauth@ietf.org > > *Subject:* Re: [OAUTH-WG] OAuth 2.0 Discovery Location > > > > +1 for “OAuth 2.0 Authorization Server Discovery” > > > > //Samuel > > > > On Thu, Feb 25, 2016 at 8:10 PM, Mike Jones <Michael.Jones@microsoft.com> > wrote: > > Thanks for your thoughts, Vladimir. I’m increasingly inclined to accept > your suggestion to change the title from “OAuth 2.0 Discovery” to “OAuth > 2.0 Authorization Server Discovery”. While the abstract already makes it > clear that the scope of the document is AS discovery, doing so in the title > seems like it could help clarify things, given that a lot of the discussion > seems to be about resource discovery, which is out of scope of the document. > > > > I’m not saying that resource discovery isn’t important – it is – but > unlike authorization server discovery, where there’s lots of existing > practice, including using the existing data format for describing OAuth > implementations that aren’t being used with OpenID Connect, there’s no > existing practice to standardize for resource discovery. The time to > create a standard for that seems to be after existing practice has > emerged. It **might** or might not use new metadata values in the AS > discovery document, but that’s still to be determined. The one reason to > leave the title as-is is that resource discovery might end up involving > extensions to this metadata format in some cases. > > > > I think an analogy to the core OAuth documents RFC 6749 and RFC 6750 > applies. 6749 is about the AS. 6750 is about the RS. The discovery > document is about the AS. We don’t yet have a specification or existing > practice for RS discovery, which would be the 6750 analogy. > > > > In summary, which title do people prefer? > > · “OAuth 2.0 Discovery” > > · “OAuth 2.0 Authorization Server Discovery” > > > > <OAuth@ietf.org> > > > >
- [OAUTH-WG] OAuth 2.0 Discovery Location Justin Richer
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Vladimir Dzhuvinov
- [OAUTH-WG] OAuth 2.0 Discovery Location Samuel Erdtman
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Samuel Erdtman
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Thomas Broyer
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Justin Richer
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Nat Sakimura
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Thomas Broyer
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Nat Sakimura
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Nat Sakimura
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt (IDM)
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Anthony Nadalin
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Anthony Nadalin
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location George Fletcher
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt (IDM)
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt (IDM)
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt (IDM)
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt (IDM)
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt (IDM)
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Manger, James
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Vladimir Dzhuvinov
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Vladimir Dzhuvinov
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Donald F. Coffin
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location George Fletcher
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Nat Sakimura
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location George Fletcher
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location George Fletcher
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Vladimir Dzhuvinov
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Donald F. Coffin
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Thomas Broyer
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location George Fletcher
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Donald F. Coffin
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location John Bradley
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Manger, James
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Nat Sakimura
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location nov matake
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location John Bradley
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location George Fletcher
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Justin Richer
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location torsten@lodderstedt.net
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Samuel Erdtman
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Vladimir Dzhuvinov
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Phil Hunt
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Mike Jones
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Brian Campbell
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Brian Campbell
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Roland Hedberg
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Vladimir Dzhuvinov
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location Thomas Broyer
- Re: [OAUTH-WG] OAuth 2.0 Discovery Location George Fletcher