Re: [OAUTH-WG] Dynamic Client Registration
Igor Faynberg <igor.faynberg@alcatel-lucent.com> Wed, 18 April 2012 20:17 UTC
Return-Path: <igor.faynberg@alcatel-lucent.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83A7521F8433 for <oauth@ietfa.amsl.com>; Wed, 18 Apr 2012 13:17:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.339
X-Spam-Level:
X-Spam-Status: No, score=-9.339 tagged_above=-999 required=5 tests=[AWL=1.260, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aBfDWtMSJdW7 for <oauth@ietfa.amsl.com>; Wed, 18 Apr 2012 13:17:05 -0700 (PDT)
Received: from ihemail1.lucent.com (ihemail1.lucent.com [135.245.0.33]) by ietfa.amsl.com (Postfix) with ESMTP id 8C10F11E8085 for <oauth@ietf.org>; Wed, 18 Apr 2012 13:17:04 -0700 (PDT)
Received: from usnavsmail4.ndc.alcatel-lucent.com (usnavsmail4.ndc.alcatel-lucent.com [135.3.39.12]) by ihemail1.lucent.com (8.13.8/IER-o) with ESMTP id q3IKH3Ln016301 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <oauth@ietf.org>; Wed, 18 Apr 2012 15:17:03 -0500 (CDT)
Received: from umail.lucent.com (umail-ce2.ndc.lucent.com [135.3.40.63]) by usnavsmail4.ndc.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id q3IKH3IJ004281 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <oauth@ietf.org>; Wed, 18 Apr 2012 15:17:03 -0500
Received: from [135.222.232.147] (USMUYN0L055118.mh.lucent.com [135.222.232.147]) by umail.lucent.com (8.13.8/TPES) with ESMTP id q3IKH2R2020475; Wed, 18 Apr 2012 15:17:03 -0500 (CDT)
Message-ID: <4F8F213E.40003@alcatel-lucent.com>
Date: Wed, 18 Apr 2012 16:17:02 -0400
From: Igor Faynberg <igor.faynberg@alcatel-lucent.com>
Organization: Alcatel-Lucent
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: oauth@ietf.org
References: <5F51A14F-D548-4D29-B20F-5C3DCB3CB705@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2FE7F47@P3PWEX2MB008.ex2.secureserver.net> <6760C38E-7C0C-412F-A285-8F4CB2858F30@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2FE92E4@P3PWEX2MB008.ex2.secureserver.net> <4F8F1ACE.4030407@lodderstedt.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2FEFCD2@P3PWEX2MB008.ex2.secureserver.net> <4F8F1C83.2000107@lodderstedt.net>
In-Reply-To: <4F8F1C83.2000107@lodderstedt.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.33
X-Scanned-By: MIMEDefang 2.64 on 135.3.39.12
Subject: Re: [OAUTH-WG] Dynamic Client Registration
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: igor.faynberg@alcatel-lucent.com
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Apr 2012 20:17:08 -0000
+1 for keeping registration and discovery separate. (As is typical, Torsten had beaten me to saying just what I was thinking about and preparing to to say. The only consolation is that he expressed it better than I would have.) Igor On 4/18/2012 3:56 PM, Torsten Lodderstedt wrote: > Hi Eran, > > thanks for pointing this out. I took a quick look on the document. > Seems the I-D combines registration and discovery. I think both should > be kept separat. So I would suggest to remove section 5 and the > dependency is gone. > > regards, > Torsten. > > Am 18.04.2012 21:51, schrieb Eran Hammer: >> Because it is in the draft the WG is suppose to consider. It's a >> stated dependency. >> >> EH >> >>> -----Original Message----- >>> From: Torsten Lodderstedt [mailto:torsten@lodderstedt.net] >>> Sent: Wednesday, April 18, 2012 12:50 PM >>> To: Eran Hammer >>> Cc: Hannes Tschofenig; oauth@ietf.org WG >>> Subject: Re: [OAUTH-WG] Dynamic Client Registration >>> >>> Hi Eran, >>> >>> why do you see a relationship between dynamic client registration and >>> discovery? Basically, we don't care so far how a client finds tokens >>> and end- >>> user authorization point. Why is this any different for the client >>> registration >>> endpoint (or the revocation endpoint)? Or do you have a bigger >>> picture in >>> mind? >>> >>> regards, >>> Torsten. >>> >>> Am 15.04.2012 22:36, schrieb Eran Hammer: >>>> Where did I say I'm not interested in this work?! >>>> >>>> All I was saying is that it would be better to postpone it until >>>> the discovery >>> layer, which this draft clearly relies upon, is a bit clearer. I >>> would be satisfied >>> with a simple note stating that if the discovery work at the APP >>> area isn't >>> complete, the WG may choose to delay work on this document until ready. >>>> EH >>>> >>>>> -----Original Message----- >>>>> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net] >>>>> Sent: Sunday, April 15, 2012 9:01 AM >>>>> To: Eran Hammer >>>>> Cc: Hannes Tschofenig; oauth@ietf.org WG >>>>> Subject: Re: [OAUTH-WG] Dynamic Client Registration >>>>> >>>>> Hi Eran, >>>>> >>>>> you are saying that you are not interested in the dynamic client >>>>> registration work and that's OK. There are, however, a couple of >>>>> other folks in the group who had expressed interest to work on it, to >>> review and to implement it. >>>>> Note also that the discovery and the dynamic client registration is >>>>> different from each other; there is a relationship but they are >>> nevertheless different. >>>>> Ciao >>>>> Hannes >>>>> >>>>> PS: Moving the Simple Web Discovery to the Apps area working group >>>>> does not mean that it will not be done. On the contrary there will be >>>>> work happing and we are just trying to figure out what the difference >>>>> between SWD and WebFinger is. >>>>> >>>>> On Apr 15, 2012, at 9:14 AM, Eran Hammer wrote: >>>>> >>>>>> I'd like to see 'Dynamic Client Registration' removed from the >>>>>> charter along >>>>> with SWD for the sole reason that figuring out a generic discovery >>>>> mechanism is going to take some time and this WG has enough other >>>>> work to focus on while that happens elsewhere. I expect this to come >>>>> back in the next round with much more deployment experience and >>> discovery clarity. >>>>>> EH >>>>>> >>>>>>> -----Original Message----- >>>>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On >>>>>>> Behalf Of Hannes Tschofenig >>>>>>> Sent: Friday, April 13, 2012 7:36 AM >>>>>>> To: oauth@ietf.org WG >>>>>>> Subject: [OAUTH-WG] Dynamic Client Registration >>>>>>> >>>>>>> Hi all, >>>>>>> >>>>>>> at the IETF#83 OAuth working group meeting we had some confusion >>>>>>> about the Dynamic Client Registration and the Simple Web Discovery >>>>>>> item. I just listened to the audio recording again. >>>>>>> >>>>>>> With the ongoing mailing list discussion regarding WebFinger vs. >>>>>>> Simple Web Discovery I hope that folks had a chance to look at the >>>>>>> documents again and so the confusion of some got resolved. >>>>>>> >>>>>>> I believe the proposed new charter item is sufficiently clear with >>>>>>> regard to the scope of the work. Right? >>>>>>> Here is the item again: >>>>>>> " >>>>>>> Jul. 2013 Submit 'OAuth Dynamic Client Registration Protocol' to >>>>>>> the IESG for consideration as a Proposed Standard >>>>>>> >>>>>>> [Starting point for the work will be >>>>>>> http://tools.ietf.org/html/draft-hardjono-oauth-dynreg >>>>>>> ] >>>>>>> " >>>>>>> >>>>>>> Of course there there is a relationship between Simple Web >>>>>>> Discovery (or >>>>>>> WebFinger) and the dynamic client registration since the client >>>>>>> first needs to discover the client registration endpoint at the >>>>>>> authorization server before interacting with it. >>>>>>> >>>>>>> Now, one thing that just came to my mind when looking again at >>>>>>> draft- hardjono-oauth-dynreq was the following: Could the Client >>>>>>> Registration Request and Response protocol exchange could become a >>>>>>> profile of the SCIM protocol? In some sense this exchange is >>>>>>> nothing else than provisioning an account at the Authorization >>>>>>> Server (along with >>>>> some meta-data). >>>>>>> Is this too far fetched? >>>>>>> >>>>>>> Ciao >>>>>>> Hannes >>>>>>> >>>>>>> _______________________________________________ >>>>>>> OAuth mailing list >>>>>>> OAuth@ietf.org >>>>>>> https://www.ietf.org/mailman/listinfo/oauth >>>> _______________________________________________ >>>> OAuth mailing list >>>> OAuth@ietf.org >>>> https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Dynamic Client Registration Hannes Tschofenig
- Re: [OAUTH-WG] Dynamic Client Registration Eve Maler
- Re: [OAUTH-WG] Dynamic Client Registration William Mills
- Re: [OAUTH-WG] Dynamic Client Registration Eran Hammer
- Re: [OAUTH-WG] Dynamic Client Registration Hannes Tschofenig
- Re: [OAUTH-WG] Dynamic Client Registration Hannes Tschofenig
- Re: [OAUTH-WG] Dynamic Client Registration Eran Hammer
- Re: [OAUTH-WG] Dynamic Client Registration Derek Atkins
- Re: [OAUTH-WG] Dynamic Client Registration Torsten Lodderstedt
- Re: [OAUTH-WG] Dynamic Client Registration Eran Hammer
- Re: [OAUTH-WG] Dynamic Client Registration Torsten Lodderstedt
- Re: [OAUTH-WG] Dynamic Client Registration Justin Richer
- Re: [OAUTH-WG] Dynamic Client Registration Eran Hammer
- Re: [OAUTH-WG] Dynamic Client Registration Igor Faynberg
- [OAUTH-WG] Dynamic Client Registration Hannes Tschofenig
- Re: [OAUTH-WG] Dynamic Client Registration Phil Hunt
- Re: [OAUTH-WG] Dynamic Client Registration Richer, Justin P.
- Re: [OAUTH-WG] Dynamic Client Registration Hannes Tschofenig
- Re: [OAUTH-WG] Dynamic Client Registration Hannes Tschofenig
- Re: [OAUTH-WG] Dynamic Client Registration Phil Hunt
- Re: [OAUTH-WG] Dynamic Client Registration Phil Hunt
- Re: [OAUTH-WG] Dynamic Client Registration Richer, Justin P.
- [OAUTH-WG] Dynamic Client Registration Hannes Tschofenig
- Re: [OAUTH-WG] Dynamic Client Registration Richer, Justin P.
- Re: [OAUTH-WG] Dynamic Client Registration Phil Hunt
- Re: [OAUTH-WG] Dynamic Client Registration Richer, Justin P.
- Re: [OAUTH-WG] Dynamic Client Registration John Bradley