Re: [OAUTH-WG] Shepherd writeup for OAuth 2.0 Authorization Server Metadata

Mike Jones <Michael.Jones@microsoft.com> Tue, 07 March 2017 19:15 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>, Phil Hunt <phil.hunt@oracle.com>
Thread-Topic: [OAUTH-WG] Shepherd writeup for OAuth 2.0 Authorization Server Metadata
Thread-Index: AQHSl3YIKIEalHSRaE6f6IzeTF3l+aGJvWRg
Date: Tue, 07 Mar 2017 19:15:01 +0000
Message-ID: <CY4PR21MB050414CEA13A865348AD036FF52F0@CY4PR21MB0504.namprd21.prod.outlook.com>
References: <70253643-d036-e333-f94d-597039206777@gmx.net> <CY4PR21MB0504CEE31B03DDEDEB50B79DF52F0@CY4PR21MB0504.namprd21.prod.outlook.com> <fe5beedf-1f2e-cf15-f70d-361edacb47e7@gmx.net>
In-Reply-To: <fe5beedf-1f2e-cf15-f70d-361edacb47e7@gmx.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/jvvnTfsd-OoQ397bcOiEwc8P1g0>
Subject: Re: [OAUTH-WG] Shepherd writeup for OAuth 2.0 Authorization Server Metadata

OpenID Connect implementations are not required to implement this functionality but most do, by virtue of implementing the OpenID Connect metadata specified in https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata.  The OAuth AS Metadata spec is intentionally compatible with this specification.

If you want to include the compatible OpenID Connect examples, there are 34 ASs and 9 clients listed at http://openid.net/certification/ that implement metadata compatible with the AS metadata specification.  See the "Config OP" and "Config RP" columns.

The usage examples I provided in my previous reply were all OAuth examples that did not assume an implementation of OpenID Connect.

				Best wishes,
				-- Mike

-----Original Message-----
From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net] 
Sent: Tuesday, March 7, 2017 11:07 AM
To: Mike Jones <Michael.Jones@microsoft.com>; oauth@ietf.org; Phil Hunt <phil.hunt@oracle.com>
Subject: Re: [OAUTH-WG] Shepherd writeup for OAuth 2.0 Authorization Server Metadata

Hi Mike,

Thanks for the quick response and for the wording suggestions.

Regarding the implementations, are OpenID Connect implementations required to implement this functionality?

On 03/07/2017 07:58 PM, Mike Jones wrote:
> 1) Implementation & deployment status of the spec
> 
> Microsoft has at least four deployments of the specification.
> William Denniss has said that Google uses the specification.  I 
> believe that Ping Identity also uses it.  The specification is used by 
> https://tools.ietf.org/html/draft-ietf-oauth-token-binding-01 and 
> https://tools.ietf.org/html/draft-ietf-oauth-device-flow-04.

Ciao
Hannes
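The compatibility Mike describes above (OpenID Connect provider metadata being accepted by a client written for OAuth AS metadata) is easy to see in code. The following is an added example, not part of the thread and not code from any of the deployments mentioned: a small validator that builds the well-known URL for an issuer under the rules of the AS metadata draft (later RFC 8414: well-known segment inserted between host and path) and of OpenID Connect discovery (segment appended to the issuer), then checks a fetched metadata document for the fields both specifications require, for the issuer matching the value the client started from, and for https endpoints. The two JSON documents are constructed samples; `as.example.test` and `op.example.test` are placeholder hosts. The validator generalizes slightly beyond the message by accepting either document under the common profile.

```python
import json
from urllib.parse import urlsplit, urlunsplit

# Fields that both OAuth AS metadata and OpenID Connect provider metadata
# require (simplified: token_endpoint may be omitted for implicit-only servers).
# The AS metadata draft reuses the OpenID Connect names, so one validator serves both.
COMMON_REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint",
                   "response_types_supported")
# Fields that OpenID Connect provider metadata additionally requires.
OIDC_EXTRA_REQUIRED = ("jwks_uri", "subject_types_supported",
                       "id_token_signing_alg_values_supported")

# Constructed sample documents (placeholder hosts, not real deployments).
AS_METADATA_JSON = json.dumps({
    "issuer": "https://as.example.test/tenant1",
    "authorization_endpoint": "https://as.example.test/tenant1/authorize",
    "token_endpoint": "https://as.example.test/tenant1/token",
    "response_types_supported": ["code"],
})
OIDC_METADATA_JSON = json.dumps({
    "issuer": "https://op.example.test",
    "authorization_endpoint": "https://op.example.test/authorize",
    "token_endpoint": "https://op.example.test/token",
    "jwks_uri": "https://op.example.test/jwks",
    "response_types_supported": ["code", "id_token"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})


def well_known_url(issuer, oidc=False):
    """Return the metadata URL a client derives from an issuer identifier.

    OAuth AS metadata inserts "/.well-known/oauth-authorization-server" between
    host and path; OpenID Connect discovery appends
    "/.well-known/openid-configuration" to the issuer."""
    parts = urlsplit(issuer)
    if parts.scheme != "https" or parts.query or parts.fragment:
        raise ValueError("issuer must be an https URL with no query or fragment")
    path = parts.path.rstrip("/")
    if oidc:
        new_path = path + "/.well-known/openid-configuration"
    else:
        new_path = "/.well-known/oauth-authorization-server" + path
    return urlunsplit((parts.scheme, parts.netloc, new_path, "", ""))


def validate_metadata(raw_json, expected_issuer, oidc=False):
    """Validate a fetched metadata document; return a list of problems (empty = OK)."""
    doc = json.loads(raw_json)
    problems = []
    required = COMMON_REQUIRED + (OIDC_EXTRA_REQUIRED if oidc else ())
    for key in required:
        if key not in doc:
            problems.append("missing required field: " + key)
    # Both specs require the returned issuer to be identical to the issuer the
    # client inserted into the well-known URL; accepting a document with another
    # issuer would let the client be pointed at a different server's endpoints.
    if doc.get("issuer") != expected_issuer:
        problems.append("issuer mismatch: %r != %r" % (doc.get("issuer"), expected_issuer))
    # Every endpoint and the key set URL must be https.
    for key, value in doc.items():
        if key.endswith("_endpoint") or key == "jwks_uri":
            if not isinstance(value, str) or not value.startswith("https://"):
                problems.append(key + " is not an https URL")
    return problems


if __name__ == "__main__":
    print(well_known_url("https://as.example.test/tenant1"))
    print(well_known_url("https://op.example.test", oidc=True))
    print(validate_metadata(AS_METADATA_JSON, "https://as.example.test/tenant1"))
    # An OpenID Connect document also passes the plain OAuth AS profile.
    print(validate_metadata(OIDC_METADATA_JSON, "https://op.example.test"))
    # The reverse is not true: the OAuth-only document lacks the OIDC-specific fields.
    print(validate_metadata(AS_METADATA_JSON, "https://as.example.test/tenant1", oidc=True))
```

In practice the client would fetch `well_known_url(issuer)` over TLS and pass the response body to `validate_metadata` together with the issuer it started from; the issuer comparison is the check that makes a cached or substituted document harmless rather than a redirection of the client's traffic.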