Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Discovery

William Denniss <wdenniss@google.com> Sat, 06 February 2016 19:20 UTC

Return-Path: <wdenniss@google.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 021001A9142 for <oauth@ietfa.amsl.com>; Sat, 6 Feb 2016 11:20:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.921
X-Spam-Level:
X-Spam-Status: No, score=0.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MANGLED_PREMTR=2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NLryg2_VyFaF for <oauth@ietfa.amsl.com>; Sat, 6 Feb 2016 11:20:04 -0800 (PST)
Received: from mail-oi0-x236.google.com (mail-oi0-x236.google.com [IPv6:2607:f8b0:4003:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0B581A9140 for <oauth@ietf.org>; Sat, 6 Feb 2016 11:20:04 -0800 (PST)
Received: by mail-oi0-x236.google.com with SMTP id x21so60201257oix.3 for <oauth@ietf.org>; Sat, 06 Feb 2016 11:20:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=0w6YtlhtoQwxN8az3Jca4UqcWbLuA58+IPMI3l+BDgo=; b=mOiYC3v1H/sbjUQTPDWItJqo6ccpjnOimux1k9PXF1X4eEsLeZn6e6nskunzoe2jib Fm8C3Bwq2I78okKKTBOalSku7WNRWGaPMHsNpo8Hk1rPKeeiQC3RzSNqQJ3XdVkRNuS8 sAr13jDY5NwtV2Kof77R7fsVV9MGmIQlRAIErOrHSuqW1lcISYoI8gIYl06uiv1aydjN iQweCXdK3HU2RxwzRdrnIt6+mTqr3x2qlGNf7BIy0WQKzd8X62iynhTsGr6FTsoGZEfl 8g/BcDmnWlFvGpj5yyS011e12oBDarhMPbzcb5kh3AqpZ6YtlQbfdJO/A6sltrl7uTPJ 37+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=0w6YtlhtoQwxN8az3Jca4UqcWbLuA58+IPMI3l+BDgo=; b=b4LbROETuHtfNAHRpC+jPorNmAaOSEbHWfRiJD6OZMPC78Cxa+NMOPICAxxhSNhlsh Rn+Sc4gj6ngbMRvPn9wGNDo/RfSc5avlxhUco4Mz2/vNMXzDw1IusRrnZOoUCnYqBN2q 53BhUlgKS3KW8D32KqePpKPg0LQbNtVOofsUiY8oSgpdJlKYthKncqRJ0xc7KOt7HRSs WoEaay4rg8RaEHfJzt7gaMYTmbnVCGe/EVLdXO+u7gyso9VT21d5IC4PVPGRz7RIMsiq YEnXAapvW5F3tlweC+baNU5arDMNhIZk5xxpamSnHCyrwjW4NBZ/i9mkp6wQGtgeqWay 9ZNw==
X-Gm-Message-State: AG10YORMrlfNG3bInA2WeljGMdh2PmikiF/SmtcuMosLjCoyGGasqK+4gy4QtHtBYJVfX8ZvSbKkx8rSuOE1Rxdw
X-Received: by 10.202.232.70 with SMTP id f67mr12724316oih.21.1454786403974; Sat, 06 Feb 2016 11:20:03 -0800 (PST)
MIME-Version: 1.0
Received: by 10.182.227.39 with HTTP; Sat, 6 Feb 2016 11:19:44 -0800 (PST)
In-Reply-To: <56B5D5AB.9070801@lodderstedt.net>
References: <569E2298.3010508@gmx.net> <BY2PR03MB44237A6E59B1E76D9B7D14CF5D10@BY2PR03MB442.namprd03.prod.outlook.com> <CAAP42hATYHF1meMjJ_Exu=G5d-xWXcky2nNwny1DwWqxf3ZE6Q@mail.gmail.com> <0B9E9D6E-67A9-4956-BFA2-9A90CD39087A@oracle.com> <E04315CD-4FD3-4B06-BD33-22FF6DC5EB38@adm.umu.se> <2DE2E1FE-BBB0-489B-9479-888A7D36E6C8@mit.edu> <56B5D5AB.9070801@lodderstedt.net>
From: William Denniss <wdenniss@google.com>
Date: Sat, 6 Feb 2016 11:19:44 -0800
Message-ID: <CAAP42hDuLgz4rHePg+6SYFqcq1gGFTVEwHmgrMDOQ4BKhKUCww@mail.gmail.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
Content-Type: multipart/alternative; boundary=001a11407c38d5970c052b1edad7
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/giGZh4CNA94yx4X-i4mVke5KDK8>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Discovery
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Feb 2016 19:20:07 -0000

It looks like discovery is useful for pure OAuth and OpenID Connect
providers alike.  What if we make *this* the primary document.  The OpenID
Connect metadata could be registered in the IANA registry here, and
potentially even revised to reference this doc.

There are benefits moving that work here, we would have an IANA registry
for metadata, and reach a broader audience.

As for the well-known path, given one was already established for similar
metadata and has already been rolled out by many, can we just grandfather
that and tolerate the name mismatch for the sake of avoiding duplication?

On Sat, Feb 6, 2016 at 3:14 AM, Torsten Lodderstedt <torsten@lodderstedt.net
> wrote:

> I think the service discovery document (describing all the endpoints and
> features of the AS) is a valid starting point. That's basically how we use
> the OIDC discovery in the OAuth context today at DT. We refer partners to
> the openid-configuration document. Putting the data relevant to OAuth under
> .well_known/oauth would be more reasonable from a OAuth developer's
> perspective (in my opinion).
>
> We still have to learn, how clients really discover the location of this
> discovery document. We can come up with extensions for user id/resource
> service data based discovery at any time, if we
>
> kind regards,
> Torsten.
>
>
> Am 05.02.2016 um 01:34 schrieb Justin Richer:
>
> +1, if we define a webfinger/rel at all.
>
> I would rather we just define the service discovery document, the thing that lives under .well-known.
>
>  — Justin
>
>
>
> On Feb 4, 2016, at 4:01 AM, Roland Hedberg <roland.hedberg@umu.se> <roland.hedberg@umu.se> wrote:
>
> +1
>
>
> 4 feb 2016 kl. 08:10 skrev Phil Hunt <phil.hunt@oracle.com> <phil.hunt@oracle.com>om>:
>
> +1 for adoption.
>
> However I would like a rel value distinct from OpenID (see separate email). While the mechanics of discovery is the same, I believe some clients will want to distinguish between OAuth AS’s and OIDC OPs.  Further, I would expect over time that different discovery features may be required. Locking them together seems like a pre-mature or rush choice.
>
> Phil
>
> @independentidwww.independentid.comphil.hunt@oracle.com
>
>
>
>
>  On Feb 3, 2016, at 10:44 PM, William Denniss <wdenniss@google.com> <wdenniss@google.com> wrote:
>
> +1 for adoption of this document by the working group
>
> On Wed, Feb 3, 2016 at 10:27 PM, Mike Jones <Michael.Jones@microsoft.com> <Michael.Jones@microsoft.com> wrote:
> I support adoption of this document by the working group.  I'll note that elements of this specification are already in production use by multiple parties.
>
>                                -- Mike
>
> -----Original Message-----
> From: OAuth [mailto:oauth-bounces@ietf.org <oauth-bounces@ietf.org>] On Behalf Of Hannes Tschofenig
> Sent: Tuesday, January 19, 2016 3:49 AM
> To: oauth@ietf.org
> Subject: [OAUTH-WG] Call for Adoption: OAuth 2.0 Discovery
>
> Hi all,
>
> this is the call for adoption of OAuth 2.0 Discovery, seehttps://tools.ietf.org/html/draft-jones-oauth-discovery-00
>
> Please let us know by Feb 2nd whether you accept / object to the adoption of this document as a starting point for work in the OAuth working group.
>
> Note: If you already stated your opinion at the IETF meeting in Yokohama then you don't need to re-state your opinion, if you want.
>
> The feedback at the Yokohama IETF meeting was the following: 19 for / zero against / 4 persons need more information.
>
> Ciao
> Hannes & Derek
>
> _______________________________________________
> OAuth mailing listOAuth@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth
>
> _______________________________________________
> OAuth mailing listOAuth@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth
>
> _______________________________________________
> OAuth mailing listOAuth@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth
>
> _______________________________________________
> OAuth mailing listOAuth@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth
>
>
>
> _______________________________________________
> OAuth mailing listOAuth@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>