Re: [OAUTH-WG] OAuth Discovery and what the relying party needs to know

Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Wed, 09 May 2012 18:42 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
In-Reply-To: <5ECED997-49B8-4550-B79A-CF121FCD1AF9@ve7jtb.com>
Date: Wed, 09 May 2012 21:42:27 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <9F541ABD-23C0-4592-BC8C-7B7E7CC620CB@gmx.net>
References: <40FC97F0-B72C-47F4-8206-590BA365997A@gmx.net> <5ECED997-49B8-4550-B79A-CF121FCD1AF9@ve7jtb.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Cc: kitten@ietf.org, "oauth@ietf.org WG" <oauth@ietf.org>

Hi John, 

Does the "identifier" consist of a domain part AND a username part, or only of the domain part?
That's the crucial question here.

Ciao
Hannes

On May 9, 2012, at 9:20 PM, John Bradley wrote:

> For OpenID Connect we are using the identifier to discover the AS. We refer to that as an issuer, and perform a second discovery step to get the configuration (Auth endpoint, token endpoint, user_info endpoint and other config) for that issuer.
> 
> SWD/WF may be used for other things by other protocols, but our use is quite simple.
> 
> I think that is probably the same thing for SASL,  but others may think differently.
> 
> John B.
> 
> 
> On 2012-05-09, at 1:50 PM, Hannes Tschofenig wrote:
> 
>> Hi guys, 
>> 
>> at the last IIW we had a discussion about SASL-OAuth and what the SASL server needs to know for discovery. 
>> The discovery discussions around WebFinger go in the same direction.
>> 
>> So, I have been wondering whether we have made an informed decision about what the discovery procedure is actually supposed to look like.
>> 
>> In my view, the relying party (the client) only needs to know who the identity provider (the AS/RS) is. 
>> 
>> Any other views? 
>> 
>> Ciao
>> Hannes
>> 
>> PS: Please let me know if I should provide more background about the issue. 
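The two-step discovery John describes, written out as an added example that is not part of this thread or of any OpenID implementation. It follows the form later standardized in OpenID Connect Discovery 1.0 (a WebFinger lookup at the identifier's domain, then the issuer's openid-configuration document); the JRD and configuration documents are constructed sample data, and the helper names are this example's own. Note that the domain part alone is enough to pick the server to ask, but the full identifier is what is sent as the WebFinger resource.

```python
import json
from urllib.parse import urlencode, urlsplit

OIDC_ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"  # rel used by OpenID Connect Discovery

def parse_identifier(identifier):
    """Return (resource, host) for 'user@example.com', 'acct:user@example.com' or an
    https URL. Only the host part decides which server the client talks to."""
    if identifier.startswith("https://"):
        return identifier, urlsplit(identifier).hostname
    resource = identifier if identifier.startswith("acct:") else "acct:" + identifier
    user, _, host = resource[len("acct:"):].rpartition("@")
    if not user or not host:
        raise ValueError("identifier needs both a user part and a domain part")
    return resource, host

def webfinger_url(identifier):
    """Step 1: the WebFinger request goes to the identifier's domain over https."""
    resource, host = parse_identifier(identifier)
    query = urlencode({"resource": resource, "rel": OIDC_ISSUER_REL})
    return "https://%s/.well-known/webfinger?%s" % (host, query)

def issuer_from_jrd(jrd_text):
    """Pull the issuer href out of a JRD document; non-https issuers are rejected."""
    for link in json.loads(jrd_text).get("links", []):
        if link.get("rel") == OIDC_ISSUER_REL:
            issuer = link["href"]
            if urlsplit(issuer).scheme != "https":
                raise ValueError("issuer must be an https URL: " + issuer)
            return issuer
    raise ValueError("JRD carries no issuer link")

def configuration_url(issuer):
    """Step 2: the provider configuration lives under the issuer URL."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_configuration(config_text, issuer):
    """The issuer claimed inside the configuration must equal the discovered one;
    otherwise any host could hand out endpoints on behalf of another issuer."""
    cfg = json.loads(config_text)
    if cfg.get("issuer") != issuer:
        raise ValueError("issuer mismatch: %r != %r" % (cfg.get("issuer"), issuer))
    return cfg

# Constructed sample responses (not fetched from any real server).
SAMPLE_JRD = json.dumps({"subject": "acct:joe@example.com",
    "links": [{"rel": OIDC_ISSUER_REL, "href": "https://id.example.com"}]})
SAMPLE_CONFIG = json.dumps({"issuer": "https://id.example.com",
    "authorization_endpoint": "https://id.example.com/authorize",
    "token_endpoint": "https://id.example.com/token", "userinfo_endpoint": "https://id.example.com/userinfo"})
```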