Re: [OAUTH-WG] Initial OAuth working group Discovery specification

John Bradley <ve7jtb@ve7jtb.com> Tue, 09 February 2016 22:03 UTC

Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E64E51B2A9C for <oauth@ietfa.amsl.com>; Tue, 9 Feb 2016 14:03:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZNgIbFjQlohT for <oauth@ietfa.amsl.com>; Tue, 9 Feb 2016 14:03:57 -0800 (PST)
Received: from mail-qk0-x234.google.com (mail-qk0-x234.google.com [IPv6:2607:f8b0:400d:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BFE71B2A9A for <oauth@ietf.org>; Tue, 9 Feb 2016 14:03:56 -0800 (PST)
Received: by mail-qk0-x234.google.com with SMTP id s68so385202qkh.3 for <oauth@ietf.org>; Tue, 09 Feb 2016 14:03:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ve7jtb-com.20150623.gappssmtp.com; s=20150623; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=7fc2nYgI4DC5htrODVd73tgfZWdUNy5U8E70EE5BzH8=; b=PIy9wOu1LVHSFazLG+YuJCViBKGj9h+l5tx2Ttp+B7TfnZa+F9sLJdsqrPtrsNPlv1 Yy/VjzgE3etwh0+pOOEnNCyeA01WQLeg60HwyeudBCVJjd0Dw+9axM16yc+TxfhF50lK PfNEFwSqqxzBv0vpOTHMfQy2J/kP5bDVsRjcvuODMdslq188mFEQOPMafSOGgsYX/3P5 B4/Q+Z/nCQnl0K7naJMt2c9//XfTeix3tcAot7SCU2mwiEJKVofT0+aroJcjlFaWcsR+ oXwQUTZhc1tN/1SV6Q2cKvI79cTyu25yosnDbWIkSpwIvqzVfUSgqoUwy2+FPrRAj4ui kzyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:message-id:references:to; bh=7fc2nYgI4DC5htrODVd73tgfZWdUNy5U8E70EE5BzH8=; b=Oenx8+5+uVUvrwWaFcLvgkyEi4b5gpyB2P+6NLeprUsdljnNh0GhlrXYTUAD8bgOa1 IowRm35NPWDl26kmRGmVB4DZTePRjwSpCXspaweRuFxGjedPioudOdZMp1Ad00paUQwV oIamdsS6Rxovq+ydiPnG9qOznAerPxNjs+kbp/AjyOE//dokSIIVL1m58kt3eFyz1z5Z koL0q8oqROoXXxbKF7HIIIfjwS+fuRVo9yeEDTSbxl5ccMJqHtteVS/naxNkRCEyue0q ugh2F7sCH7iQ+IyYlrMWhxwPaaF5/wSdGM5BkhJLAj1BvhYp57tCwdYzl68TzSVErcW3 usrQ==
X-Gm-Message-State: AG10YOTWpUc4p9aORZ+lI4kmwmsJxjcNvK7k1AxevavXpRoYIbgRytoQwd9+16uDXYI5Dg==
X-Received: by 10.55.53.207 with SMTP id c198mr43906756qka.24.1455055435975; Tue, 09 Feb 2016 14:03:55 -0800 (PST)
Received: from [192.168.8.100] ([181.202.64.23]) by smtp.gmail.com with ESMTPSA id e184sm21986qkb.40.2016.02.09.14.03.54 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 09 Feb 2016 14:03:55 -0800 (PST)
Content-Type: multipart/signed; boundary="Apple-Mail=_1CCAC1AA-4958-4EA9-8112-50E7413043AD"; protocol="application/pkcs7-signature"; micalg=sha1
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <F6DD25EE-8B49-45E4-BACC-872CA98F2D7B@mit.edu>
Date: Tue, 9 Feb 2016 19:03:51 -0300
Message-Id: <2CB5C3E1-BF3B-4766-8761-CAF54F3C5170@ve7jtb.com>
References: <BY2PR03MB4427E9DAFDE674F71F6074AF5D60@BY2PR03MB442.namprd03.prod.outlook.com> <F6DD25EE-8B49-45E4-BACC-872CA98F2D7B@mit.edu>
To: Justin Richer <jricher@mit.edu>
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/xs0PzDsOt6O2jdDmDqkONiwa45g>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Initial OAuth working group Discovery specification
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Feb 2016 22:04:00 -0000

If we keep webfinger I don’t think that having a generic OAuth rel makes sense.   It should be up to each API/Protocol to define it’s own rel value like Connect has done.

It is not reasonable to think that a persons ID provider is going to be the same as the one for calendaring or photo sharing.

So I could go two ways with webfinger,  leave it out completely, or leave it in but make it up to the application to define a rel value.
I expect that some things using UMA in web-finger would point directly to the resource and the resource would point the client at the correct UMA server.

The config file name in .well-known could stay as openid-configuration for historical reasons or we could change it.

I think we first need to decide if every protocol/API is going to have its own config file, we are going to get apps to retrieve multiple files,  or everything is going to go into one config-file and applicatins just add to that?

I prefer not to change the file name if we are going for one config file, but if we do one alias/link is probably not the end of the world, as I doubt people will ever remove openid-configuration one if they have it now.

John B.

 
> On Feb 9, 2016, at 2:19 PM, Justin Richer <jricher@mit.edu> wrote:
> 
> Mike, thanks for putting this up.
> 
> 
> I would like to propose for two changes that have been brought up before:
> 
> 1) The wholesale removal of section 2, Webfinger lookup. 
> 
> 2) The changing of "/.well-known/openid-configuration” to "/.well-known/oauth-authorization-server” or something else not openid-related.
> 
> 
> 
>  — Justin
> 
> 
>> On Feb 9, 2016, at 9:09 AM, Mike Jones <Michael.Jones@microsoft.com <mailto:Michael.Jones@microsoft.com>> wrote:
>> 
>> We have created the initial working group version of OAuth Discovery based on draft-jones-oauth-discovery-01, with no normative changes.
>>  
>> The specification is available at:
>> ·       http://tools.ietf.org/html/draft-ietf-oauth-discovery-00 <http://tools.ietf.org/html/draft-ietf-oauth-discovery-00>
>>  
>> An HTML-formatted version is also available at:
>> ·       http://self-issued.info/docs/draft-ietf-oauth-discovery-00.html <http://self-issued.info/docs/draft-ietf-oauth-discovery-00.html>
>>  
>>                                                           -- Mike
>>  
>> P.S.  This notice was also posted at http://self-issued.info/?p=1534 <http://self-issued.info/?p=1534> and as @selfissued <https://twitter.com/selfissued>.
>>  
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org <mailto:OAuth@ietf.org>
>> https://www.ietf.org/mailman/listinfo/oauth
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org <mailto:OAuth@ietf.org>
> https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>