Re: [OAUTH-WG] Initial OAuth working group Discovery specification

"Phil Hunt (IDM)" <phil.hunt@oracle.com> Tue, 09 February 2016 22:39 UTC

Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B06D1B2CE1 for <oauth@ietfa.amsl.com>; Tue, 9 Feb 2016 14:39:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3
X-Spam-Level:
X-Spam-Status: No, score=-3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, J_CHICKENPOX_27=0.6, J_CHICKENPOX_92=0.6, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c1Gpwvh9Zxs0 for <oauth@ietfa.amsl.com>; Tue, 9 Feb 2016 14:39:52 -0800 (PST)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFD351ACCED for <oauth@ietf.org>; Tue, 9 Feb 2016 14:39:51 -0800 (PST)
Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u19Mdnmp012400 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 9 Feb 2016 22:39:49 GMT
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userv0021.oracle.com (8.13.8/8.13.8) with ESMTP id u19Mdn8Z024535 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 9 Feb 2016 22:39:49 GMT
Received: from abhmp0011.oracle.com (abhmp0011.oracle.com [141.146.116.17]) by aserv0121.oracle.com (8.13.8/8.13.8) with ESMTP id u19MdlIN027312; Tue, 9 Feb 2016 22:39:47 GMT
Received: from [10.229.147.29] (/24.244.23.138) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 09 Feb 2016 14:39:47 -0800
Content-Type: multipart/alternative; boundary=Apple-Mail-C008F5DA-1860-4F15-82EE-A565BE8FEAD0
Mime-Version: 1.0 (1.0)
From: "Phil Hunt (IDM)" <phil.hunt@oracle.com>
X-Mailer: iPhone Mail (13D15)
In-Reply-To: <2CB5C3E1-BF3B-4766-8761-CAF54F3C5170@ve7jtb.com>
Date: Tue, 9 Feb 2016 14:39:45 -0800
Content-Transfer-Encoding: 7bit
Message-Id: <F0681C96-1AFA-472C-899F-3E6952292DAA@oracle.com>
References: <BY2PR03MB4427E9DAFDE674F71F6074AF5D60@BY2PR03MB442.namprd03.prod.outlook.com> <F6DD25EE-8B49-45E4-BACC-872CA98F2D7B@mit.edu> <2CB5C3E1-BF3B-4766-8761-CAF54F3C5170@ve7jtb.com>
To: John Bradley <ve7jtb@ve7jtb.com>
X-Source-IP: userv0021.oracle.com [156.151.31.71]
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/iUhR-LjlM6lBnPijM7wqOHj58ic>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Initial OAuth working group Discovery specification
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Feb 2016 22:39:54 -0000

Another example is to look at scim discovery(in contrast with connect).

When asked separately the answers may be different. 

Asking what is the oauth server for scim is yet another relation.  So may be we need a scheme for oauth where query is rs:someval and optionally an acnt value to. 

For example
Get ./well-known/webfinger?rel=oauth&query=rs:scim&acnt:phunt@example.com

Note i probably have the compound query syntax wrong. 

Phil

> On Feb 9, 2016, at 14:03, John Bradley <ve7jtb@ve7jtb.com> wrote:
> 
> If we keep webfinger I don’t think that having a generic OAuth rel makes sense.   It should be up to each API/Protocol to define it’s own rel value like Connect has done.
> 
> It is not reasonable to think that a persons ID provider is going to be the same as the one for calendaring or photo sharing.
> 
> So I could go two ways with webfinger,  leave it out completely, or leave it in but make it up to the application to define a rel value.
> I expect that some things using UMA in web-finger would point directly to the resource and the resource would point the client at the correct UMA server.
> 
> The config file name in .well-known could stay as openid-configuration for historical reasons or we could change it.
> 
> I think we first need to decide if every protocol/API is going to have its own config file, we are going to get apps to retrieve multiple files,  or everything is going to go into one config-file and applicatins just add to that?
> 
> I prefer not to change the file name if we are going for one config file, but if we do one alias/link is probably not the end of the world, as I doubt people will ever remove openid-configuration one if they have it now.
> 
> John B.
> 
>  
>> On Feb 9, 2016, at 2:19 PM, Justin Richer <jricher@mit.edu> wrote:
>> 
>> Mike, thanks for putting this up.
>> 
>> 
>> I would like to propose for two changes that have been brought up before:
>> 
>> 1) The wholesale removal of section 2, Webfinger lookup. 
>> 
>> 2) The changing of "/.well-known/openid-configuration” to "/.well-known/oauth-authorization-server” or something else not openid-related.
>> 
>> 
>> 
>>  — Justin
>> 
>> 
>>> On Feb 9, 2016, at 9:09 AM, Mike Jones <Michael.Jones@microsoft.com> wrote:
>>> 
>>> We have created the initial working group version of OAuth Discovery based on draft-jones-oauth-discovery-01, with no normative changes.
>>>  
>>> The specification is available at:
>>> ·       http://tools.ietf.org/html/draft-ietf-oauth-discovery-00
>>>  
>>> An HTML-formatted version is also available at:
>>> ·       http://self-issued.info/docs/draft-ietf-oauth-discovery-00.html
>>>  
>>>                                                           -- Mike
>>>  
>>> P.S.  This notice was also posted at http://self-issued.info/?p=1534 and as @selfissued.
>>>  
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>> 
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth