Re: [OAUTH-WG] Working Group Last Call on OAuth 2.0 Discovery

Mike Jones <Michael.Jones@microsoft.com> Thu, 10 March 2016 11:33 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Samuel Erdtman <samuel@erdtman.se>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date: Thu, 10 Mar 2016 11:33:22 +0000
Message-ID: <SN1PR0301MB1645E0CD7293E541DC2AA993F5B40@SN1PR0301MB1645.namprd03.prod.outlook.com>
References: <56C5C9D5.6040703@gmx.net> <CAF2hCbbjgoyCza=dM24h9KALuG=jkt24AZsWhTFWnnhxE11oGA@mail.gmail.com>
In-Reply-To: <CAF2hCbbjgoyCza=dM24h9KALuG=jkt24AZsWhTFWnnhxE11oGA@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/nolgxQNizljeQRa-jvX5KeYmXHo>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Working Group Last Call on OAuth 2.0 Discovery

Thanks for your comments, Samuel.  Yes, you’re right that jwks_uri should be OPTIONAL, since not all use cases need keys.  Likewise, registration_endpoint should be OPTIONAL, rather than RECOMMENDED.

The grant_type values are defined in OAuth Dynamic Client Registration [RFC 7591] and are identifiers for the grant type concept defined in RFC 6749.  They identify the grant types that can be used at the Token Endpoint.  The response_type concept is defined in RFC 6749, and identifies a response syntax from the authorization endpoint.  We can say more to differentiate these in the next draft.

BTW, lest it be in doubt, I support this draft moving forward, with the name changed to “OAuth 2.0 Authorization Server Discovery” or “OAuth 2.0 Authorization Server Discovery Metadata” – as discussed in the thread “OAuth 2.0 Discovery Location”.  I’m also open to introducing the “/.well-known/oauth-authorization-server” identifier, as discussed in that thread.

                                                          -- Mike
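The exchange above turns on which metadata members are REQUIRED or OPTIONAL, and on the difference between grant_types_supported (RFC 7591 grant type identifiers, used at the token endpoint) and response_types_supported (RFC 6749 response_type values, the authorization endpoint's response syntax). The following validator is an added example for this thread, not code from the draft or from any participant. It treats jwks_uri and registration_endpoint as OPTIONAL, as agreed above; the https requirement on issuer and endpoints, the token_endpoint rule, and the cross-check between grant types and response types are my own assumptions and are labelled as such in the comments. The sample metadata documents are constructed and use example.com.

```python
"""Validator for an OAuth 2.0 Authorization Server Discovery metadata document.

Added example for this thread; not code from the draft or from any participant.
jwks_uri and registration_endpoint are OPTIONAL as agreed in the thread; the
other rules below are assumptions and are marked as such.
"""
import json
from urllib.parse import urlparse

# Grant type identifiers registered by OAuth Dynamic Client Registration
# (RFC 7591); they name what a client may use at the token endpoint.
KNOWN_GRANT_TYPES = {
    "authorization_code", "implicit", "password", "client_credentials",
    "refresh_token",
    "urn:ietf:params:oauth:grant-type:jwt-bearer",
    "urn:ietf:params:oauth:grant-type:saml2-bearer",
}

# response_type values defined by RFC 6749; they name the response syntax the
# authorization endpoint returns. Extension values (e.g. OpenID Connect's
# "id_token") are legal, so an unknown value is only a warning below.
KNOWN_RESPONSE_TYPES = {"code", "token"}

# Assumption: which authorization-endpoint response_type a grant type depends
# on. Grant types completed entirely at the token endpoint are not listed.
GRANT_NEEDS_RESPONSE_TYPE = {"authorization_code": "code", "implicit": "token"}


def _is_https_url(value):
    """True when value is a string parsing as an https URL with a host."""
    u = urlparse(value) if isinstance(value, str) else None
    return bool(u and u.scheme == "https" and u.netloc)


def validate_metadata(doc):
    """Return (errors, warnings) for a parsed metadata document."""
    errors, warnings = [], []

    # issuer: REQUIRED. Assumption: it must be an https URL so a client can
    # bind the metadata to a TLS-authenticated origin.
    if not _is_https_url(doc.get("issuer")):
        errors.append("issuer is REQUIRED and must be an https URL")

    # jwks_uri and registration_endpoint: OPTIONAL per the thread, so absence
    # is fine; if present they must still be https URLs (assumption: keys and
    # registration must not travel over plaintext).
    for optional in ("jwks_uri", "registration_endpoint"):
        if optional in doc and not _is_https_url(doc[optional]):
            errors.append(f"{optional} is present but is not an https URL")

    # response_types_supported: RFC 6749 response_type values; one entry may be
    # a space-separated combination of them.
    response_types = doc.get("response_types_supported")
    if not isinstance(response_types, list) or not response_types:
        errors.append("response_types_supported must be a non-empty list")
        response_types = []
    offered_components = set()
    for rt in response_types:
        for component in str(rt).split():
            offered_components.add(component)
            if component not in KNOWN_RESPONSE_TYPES:
                warnings.append(f"unknown response_type component: {component}")

    # grant_types_supported: RFC 7591 grant type identifiers.
    grant_types = doc.get("grant_types_supported", [])
    if not isinstance(grant_types, list):
        errors.append("grant_types_supported must be a list")
        grant_types = []
    for gt in grant_types:
        if gt not in KNOWN_GRANT_TYPES:
            warnings.append(f"unknown grant_type: {gt}")
        # Assumption: a grant type that starts at the authorization endpoint
        # is unusable unless the matching response_type is also offered.
        needed = GRANT_NEEDS_RESPONSE_TYPE.get(gt)
        if needed and needed not in offered_components:
            errors.append(
                f"grant_type {gt} listed but response_type {needed} not offered")

    # Assumption: every grant type except implicit is redeemed at the token
    # endpoint, so a token_endpoint is needed whenever such a type is offered.
    if any(gt != "implicit" for gt in grant_types) \
            and not _is_https_url(doc.get("token_endpoint")):
        errors.append("token_endpoint required for the listed grant types")

    return errors, warnings


# Constructed sample metadata (example.com, not a real server): consistent.
GOOD_METADATA = json.loads("""{
  "issuer": "https://as.example.com",
  "authorization_endpoint": "https://as.example.com/authorize",
  "token_endpoint": "https://as.example.com/token",
  "response_types_supported": ["code", "token"],
  "grant_types_supported": ["authorization_code", "implicit", "refresh_token"]
}""")

# Constructed: advertises authorization_code but only offers the implicit
# response syntax, and serves its keys over plain http.
BAD_METADATA = json.loads("""{
  "issuer": "https://as.example.com",
  "token_endpoint": "https://as.example.com/token",
  "jwks_uri": "http://as.example.com/keys",
  "response_types_supported": ["token", "id_token"],
  "grant_types_supported": ["authorization_code", "implicit"]
}""")

if __name__ == "__main__":
    for name, doc in (("good", GOOD_METADATA), ("bad", BAD_METADATA)):
        errs, warns = validate_metadata(doc)
        print(name, "errors:", errs, "warnings:", warns)
```

Unknown grant or response type values are reported as warnings rather than errors because both registries are extensible; the errors are reserved for documents a client could not use safely or at all.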

From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Samuel Erdtman
Sent: Wednesday, March 9, 2016 11:28 PM
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Working Group Last Call on OAuth 2.0 Discovery

Hi,

I sent a few comments two weeks ago that have not been explicitly commented on. (I might have sent them in the wrong way; if so, sorry about that.)

https://mailarchive.ietf.org/arch/msg/oauth/Z0LCBuvFDCQTd4xfwoddlbC2P7w

Most of the comments are minor, but I would like to see jwks_uri changed from REQUIRED to OPTIONAL or RECOMMENDED, and at least get a comment on the difference between response_types_supported and grant_types_supported.

Best regards
//Samuel




On Thu, Feb 18, 2016 at 2:40 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
Hi all,

This is a Last Call for comments on the OAuth 2.0 Discovery specification:
https://tools.ietf.org/html/draft-ietf-oauth-discovery-01

Since this document was only adopted recently we are running this last
call for **3 weeks**.

Please have your comments in no later than March 10th.

Ciao
Hannes & Derek


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth