Re: [OAUTH-WG] OAuth Discovery

Justin Richer <jricher@mit.edu> Thu, 26 November 2015 14:37 UTC

From: Justin Richer <jricher@mit.edu>
In-Reply-To: <565717A0.7080805@connect2id.com>
Date: Thu, 26 Nov 2015 09:37:45 -0500
Message-Id: <63869603-8710-47D6-8CFA-2A6FC18A8603@mit.edu>
References: <BY2PR03MB4420981B312D92924AD6BFFF5050@BY2PR03MB442.namprd03.prod.outlook.com> <565717A0.7080805@connect2id.com>
To: Vladimir Dzhuvinov <vladimir@connect2id.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/hDOnQzxhLJdLcosHB2lS7u7E3IE>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth Discovery

Those should be handled separately if they’re to be added to discovery.

 — Justin

> On Nov 26, 2015, at 9:30 AM, Vladimir Dzhuvinov <vladimir@connect2id.com> wrote:
> 
> Good work, Mike, John, Nat!
> 
> I see that the introspection and revocation endpoints are included now (they've been missing in OpenID discovery).
> 
> Regarding client authentication, would it make sense to let token_endpoint_auth_methods_supported apply to the introspection and revocation endpoints as well?
> 
> token_endpoint_auth_methods_supported
>       OPTIONAL.  JSON array containing a list of client authentication
>       methods supported by this token endpoint.  Client authentication
>       method values are used in the "token_endpoint_auth_method"
>       parameter defined in Section 2 of [RFC7591] <http://tools.ietf.org/html/rfc7591#section-2>.  If omitted, the
>       default is "client_secret_basic" -- the HTTP Basic Authentication
>       Scheme specified in Section 2.3.1 of OAuth 2.0 [RFC6749] <http://tools.ietf.org/html/rfc6749>.
> 
> 
> Vladimir
> 
> On 26.11.2015 01:37, Mike Jones wrote:
>> I'm pleased to announce that Nat Sakimura, John Bradley, and I have created an OAuth 2.0 Discovery specification.  This fills a hole in the current OAuth specification set that is necessary to achieve interoperability.  Indeed, the Interoperability section of OAuth 2.0 <https://tools.ietf.org/html/rfc6749#section-1.8> states:
>> 
>> In addition, this specification leaves a few required components partially or fully undefined (e.g., client registration, authorization server capabilities, endpoint discovery).  Without these components, clients must be manually and specifically configured against a specific authorization server and resource server in order to interoperate.
>> 
>> 
>> 
>> This framework was designed with the clear expectation that future work will define prescriptive profiles and extensions necessary to achieve full web-scale interoperability.
>> 
>> This specification enables discovery of both endpoint locations and authorization server capabilities.
>> 
>> This specification is based upon the already widely deployed OpenID Connect Discovery 1.0 <http://openid.net/specs/openid-connect-discovery-1_0.html> specification and is compatible with it, by design.  The OAuth Discovery spec removes the portions of OpenID Connect Discovery that are OpenID specific and adds metadata values for Revocation and Introspection endpoints.  It also maps OpenID concepts, such as OpenID Provider, Relying Party, End-User, and Issuer to their OAuth underpinnings, respectively Authorization Server, Client, Resource Owner, and the newly introduced Configuration Information Location.  Some identifiers with names that appear to be OpenID specific were retained for compatibility purposes; despite the reuse of these identifiers that appear to be OpenID specific, their usage in this specification is actually referring to general OAuth 2.0 features that are not specific to OpenID Connect.
>> 
>> The specification is available at:
>> 
>> *         http://tools.ietf.org/html/draft-jones-oauth-discovery-00
>> 
>> An HTML-formatted version is also available at:
>> 
>> *         http://self-issued.info/docs/draft-jones-oauth-discovery-00.html
>> 
>>                                                                 -- Mike
>> 
>> P.S.  This note was also posted at http://self-issued.info/?p=1496 and as @selfissued <https://twitter.com/selfissued>.
>> 
>> 
>> 
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
> 
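As an added example (not code from this thread, the draft, or any of its authors): a client-side treatment of a metadata document in the shape the draft describes, which checks the issuer and endpoint URLs before trusting them and resolves client authentication methods per endpoint the way the quoted text defines them, with token_endpoint_auth_methods_supported covering only the token endpoint. The sample documents, the validation policy (issuer must match, endpoints must be https on a trusted host) and the function names are this example's own assumptions; the per-endpoint names it looks for are the ones RFC 8414 later defined for introspection and revocation.

```python
import json
from urllib.parse import urlparse

# Constructed sample documents for this example (not taken from the draft or any real server).
GOOD_DOC = json.dumps({
    "issuer": "https://as.example.com",
    "authorization_endpoint": "https://as.example.com/authorize",
    "token_endpoint": "https://as.example.com/token",
    "introspection_endpoint": "https://as.example.com/introspect",
    "revocation_endpoint": "https://as.example.com/revoke",
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
})
# Same shape with a swapped issuer and a token endpoint moved off-host over plain http.
BAD_DOC = json.dumps({
    "issuer": "https://other.example.net",
    "authorization_endpoint": "https://as.example.com/authorize",
    "token_endpoint": "http://evil.example.net/token",
})

ENDPOINTS = ("authorization", "token", "introspection", "revocation")

def validate_document(doc, expected_issuer, trusted_hosts=None):
    """Parse a metadata document and return a list of problems (empty if acceptable).
    Policy assumed here: issuer must equal the configured value, and each advertised endpoint
    must be https on a trusted host (default: the issuer's host), so a substituted document
    cannot redirect the client and its credentials to endpoints of someone else's choosing."""
    md = json.loads(doc)
    trusted = set(trusted_hosts or [urlparse(expected_issuer).netloc])
    problems = []
    if md.get("issuer") != expected_issuer:
        problems.append("issuer mismatch: %r" % md.get("issuer"))
    for name in ENDPOINTS:
        url = md.get(name + "_endpoint")
        if url is None:
            continue                      # every endpoint is optional in the metadata
        p = urlparse(url)
        if p.scheme != "https" or p.netloc not in trusted:
            problems.append("untrusted %s_endpoint: %s" % (name, url))
    return problems

def client_auth_methods(doc, endpoint):
    """Client authentication methods advertised for one endpoint.
    token_endpoint_auth_methods_supported describes only the token endpoint and defaults to
    client_secret_basic when omitted; other endpoints need their own
    <endpoint>_endpoint_auth_methods_supported entry (RFC 8414 defines these for
    introspection and revocation). If absent, None is returned rather than reusing the token list."""
    md = json.loads(doc)
    key = endpoint + "_endpoint_auth_methods_supported"
    if key in md:
        return list(md[key])
    return ["client_secret_basic"] if endpoint == "token" else None
```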