[OAUTH-WG] OAuth Discovery spec pared down to its essence

Mike Jones <Michael.Jones@microsoft.com> Thu, 18 February 2016 06:48 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75CFD1B3700 for <oauth@ietfa.amsl.com>; Wed, 17 Feb 2016 22:48:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eJcVfwzf9Ry5 for <oauth@ietfa.amsl.com>; Wed, 17 Feb 2016 22:48:25 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0145.outbound.protection.outlook.com [65.55.169.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85B031B36FC for <oauth@ietf.org>; Wed, 17 Feb 2016 22:48:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=47AgaeOeGzz3JFlpHmggkBe6E2LZT+MBZgI6MB9HsfY=; b=i7Jv9gLlxe7alwexEM3hCWj9YTcgiuATUIuiBnFm7+7ZBts2j5RrMjMxYsfjmzeXhxkbCJ+bpoIqmZakl7o4g4rEmX+1ak5DxOoKhvBmnZ/05pv6OVS9Y5B8kS7BsKNWMohkWWFtirMNsFHN1yrlatcA6Fy90bHqqf8eVtjQQ2k=
Received: from BY2PR03MB442.namprd03.prod.outlook.com (10.141.141.145) by BY2PR03MB444.namprd03.prod.outlook.com (10.141.141.154) with Microsoft SMTP Server (TLS) id 15.1.409.15; Thu, 18 Feb 2016 06:48:22 +0000
Received: from BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) by BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) with mapi id 15.01.0409.017; Thu, 18 Feb 2016 06:48:22 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: OAuth Discovery spec pared down to its essence
Thread-Index: AdFqFQkhCqRsHpNHQ7yss0+yEvGHSA==
Date: Thu, 18 Feb 2016 06:48:22 +0000
Message-ID: <BY2PR03MB44236EF33376F8C2BB135E8F5AF0@BY2PR03MB442.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [50.47.85.157]
x-ms-office365-filtering-correlation-id: 9d276bec-2340-4107-ae08-08d3382f7e9d
x-microsoft-exchange-diagnostics: 1; BY2PR03MB444; 5:kHd/AcP3u3QuyNuyHOt9lDlpy+Q0tkHnIzlbapjdJMnlIjrfFixurQwfnv/W6dYdOZMgAThm5dX35I3pnc/QeNjWzs4NYun7SuyqkOK6frCOfngngT2ALg4iQ2ekiuv7DL6tmBG858Eed1PEqb2L4Q==; 24:O5/Kl2IWyahjXqdNqz4unvDBPa9w3nLZVf97Q4MtKbTveFh61P5fukMmydYDT6TkVsUNCDx/HV0+BwBvgt4H/wDemSbwyAAyWT7mponH+cQ=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR03MB444;
x-microsoft-antispam-prvs: <BY2PR03MB444F4F1920DAA1455E7ADD9F5AF0@BY2PR03MB444.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(61426038)(61427038); SRVR:BY2PR03MB444; BCL:0; PCL:0; RULEID:; SRVR:BY2PR03MB444;
x-forefront-prvs: 085634EFF4
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(209900001)(5008740100001)(15975445007)(33656002)(1096002)(19580395003)(5003600100002)(11100500001)(74316001)(229853001)(3280700002)(2351001)(450100001)(66066001)(1220700001)(5002640100001)(87936001)(54356999)(6116002)(1730700002)(189998001)(790700001)(40100003)(5001960100002)(122556002)(10090500001)(107886002)(8990500004)(5005710100001)(10400500002)(102836003)(16236675004)(3846002)(19300405004)(92566002)(99286002)(5004730100002)(19617315012)(3660700001)(19625215002)(76576001)(110136002)(10290500002)(586003)(2900100001)(77096005)(50986999)(2906002)(2501003)(86362001)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR03MB444; H:BY2PR03MB442.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BY2PR03MB44236EF33376F8C2BB135E8F5AF0BY2PR03MB442namprd_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Feb 2016 06:48:22.3565 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR03MB444
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/rEdLnrI4SbuLZp62_mnlvZ1aYOU>
Subject: [OAUTH-WG] OAuth Discovery spec pared down to its essence
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Feb 2016 06:48:29 -0000

In response to working group input, this version of the OAuth Discovery specification has been pared down to its essence - leaving only the features that are already widely deployed.  Specifically, all that remains is the definition of the authorization server discovery metadata document and the metadata values used in it.  The WebFinger discovery logic has been removed.  The relationship between the issuer identifier URL and the well-known URI path relative to it at which the discovery metadata document is located has also been clarified.

Given that this now describes only features that are in widespread deployment, the editors believe that this version is ready for working group last call.

The specification is available at:

*       http://tools.ietf.org/html/draft-ietf-oauth-discovery-01

An HTML-formatted version is also available at:

*       http://self-issued.info/docs/draft-ietf-oauth-discovery-01.html

                                                          -- Mike & Nat & John

P.S.  This notice was also posted at http://self-issued.info/?p=1544 and as @selfissued<https://twitter.com/selfissued>.