Re: [OAUTH-WG] Dynamic Client Registration

Hannes Tschofenig <> Sun, 15 April 2012 16:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0762821F87EF for <>; Sun, 15 Apr 2012 09:01:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.554
X-Spam-Status: No, score=-102.554 tagged_above=-999 required=5 tests=[AWL=0.045, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id FR822yxjZm8D for <>; Sun, 15 Apr 2012 09:01:18 -0700 (PDT)
Received: from ( []) by (Postfix) with SMTP id D5AE621F87EC for <>; Sun, 15 Apr 2012 09:01:17 -0700 (PDT)
Received: (qmail invoked by alias); 15 Apr 2012 16:01:15 -0000
Received: from (EHLO []) [] by (mp001) with SMTP; 15 Apr 2012 18:01:15 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX180oIw4Zns0AKenXbZidHTGOIeLg+wl/ssmh5kwkr sTeDWdW1+Q6wh2
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <>
In-Reply-To: <>
Date: Sun, 15 Apr 2012 19:01:14 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <>
To: Eran Hammer <>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: " WG" <>
Subject: Re: [OAUTH-WG] Dynamic Client Registration
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 15 Apr 2012 16:01:19 -0000

Hi Eran, 

you are saying that you are not interested in the dynamic client registration work and that's OK. There are, however, a couple of other folks in the group who had expressed interest to work on it, to review and to implement it. 

Note also that the discovery and the dynamic client registration is different from each other; there is a relationship but they are nevertheless different. 


PS: Moving the Simple Web Discovery to the Apps area working group does not mean that it will not be done. On the contrary there will be work happing and we are just trying to figure out what the difference between SWD and WebFinger is. 

On Apr 15, 2012, at 9:14 AM, Eran Hammer wrote:

> I'd like to see 'Dynamic Client Registration' removed from the charter along with SWD for the sole reason that figuring out a generic discovery mechanism is going to take some time and this WG has enough other work to focus on while that happens elsewhere. I expect this to come back in the next round with much more deployment experience and discovery clarity.
> EH
>> -----Original Message-----
>> From: [] On Behalf
>> Of Hannes Tschofenig
>> Sent: Friday, April 13, 2012 7:36 AM
>> To: WG
>> Subject: [OAUTH-WG] Dynamic Client Registration
>> Hi all,
>> at the IETF#83 OAuth working group meeting we had some confusion about
>> the Dynamic Client Registration and the Simple Web Discovery item. I just
>> listened to the audio recording again.
>> With the ongoing mailing list discussion regarding WebFinger vs. Simple Web
>> Discovery I hope that folks had a chance to look at the documents again and
>> so the confusion of some got resolved.
>> I believe the proposed new charter item is sufficiently clear with regard to
>> the scope of the work. Right?
>> Here is the item again:
>> "
>> Jul. 2013  Submit 'OAuth Dynamic Client Registration Protocol' to the IESG for
>> consideration as a Proposed Standard
>> [Starting point for the work will be
>> ]
>> "
>> Of course there there is a relationship between Simple Web Discovery (or
>> WebFinger) and the dynamic client registration since the client first needs to
>> discover the client registration endpoint at the authorization server before
>> interacting with it.
>> Now, one thing that just came to my mind when looking again at draft-
>> hardjono-oauth-dynreq was the following: Could the Client Registration
>> Request and Response protocol exchange could become a profile of the
>> SCIM protocol? In some sense this exchange is nothing else than provisioning
>> an account at the Authorization Server (along with some meta-data).
>> Is this too far fetched?
>> Ciao
>> Hannes
>> _______________________________________________
>> OAuth mailing list