RFC 8615 (and RFC 5785 before it) says that .well-known should be at the
root of the URI local-part.  Appendix A explains the rationale.

However, I'm seeing multi-tenancy in OpenID, with URI local-parts of the
form /${tenant}/.well-known/openid-configuration, which is not the
intended usage.  /.well-known/openid-configuration/${tenant} would have
been better, given what the RFC says.

I suspect this happened because the registration for the
openid-configuration well-known URI [0] did not cover this use case.

Not sure that anything can or should be done about this, but it might be
worth reporting it here, thus this post.

If I had to propose anything at all to do about this, it might be to
update RFC 8615 to a) describe the use case, b) describe what has been
done, c) recommend or require /.well-known/thing/thang over
/thing/.well-known/thang, d) possibly grandfather some existing uses of
/thing/.well-known/thang, e) maybe update the registry to require that
registrants indicate whether they intend to have further structure below
their well-known URIs.

Nico

[0] https://openid.net/specs/openid-connect-discovery-1_0.html

_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www.ietf.org/mailman/listinfo/gen-art
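
The two path layouts contrasted in the message above, as an added example that is not part of the original post: it classifies where .well-known sits in a URL path and rewrites the /${tenant}/.well-known/name form into the /.well-known/name/${tenant} form the post suggests. The host idp.example, the tenant names, the function names, and the placement of any trailing segments after the tenant are assumptions made for illustration; no specification defines this mapping.

```python
from urllib.parse import urlsplit, urlunsplit

WELL_KNOWN = ".well-known"

def classify(url):
    """Return (kind, prefix, name, rest) for the path of `url`.

    kind is "root" when .well-known is the first path segment (the RFC 8615
    placement), "prefixed" when other segments precede it (the
    /${tenant}/.well-known/... form from the post), or "none".
    """
    segments = [s for s in urlsplit(url).path.split("/") if s]
    if WELL_KNOWN not in segments:
        return ("none", [], None, [])
    i = segments.index(WELL_KNOWN)
    name = segments[i + 1] if i + 1 < len(segments) else None
    rest = segments[i + 2:]
    return ("root" if i == 0 else "prefixed", segments[:i], name, rest)

def to_root_form(url):
    """Rewrite /prefix/.well-known/name[/rest] as /.well-known/name/prefix[/rest].

    URLs already in root form, or lacking a well-known name, come back unchanged.
    Putting `rest` after the prefix is an assumption of this example.
    """
    kind, prefix, name, rest = classify(url)
    if kind != "prefixed" or name is None:
        return url
    parts = urlsplit(url)
    path = "/" + "/".join([WELL_KNOWN, name, *prefix, *rest])
    return urlunsplit((parts.scheme, parts.netloc, path, parts.query, parts.fragment))

# Constructed sample URLs; host and tenant names are placeholders.
SAMPLES = [
    "https://idp.example/.well-known/openid-configuration",
    "https://idp.example/tenant-a/.well-known/openid-configuration",
    "https://idp.example/realms/tenant-b/.well-known/openid-configuration",
    "https://idp.example/.well-known/openid-configuration/tenant-a",
    "https://idp.example/tenant-a/login",
]

def audit(urls):
    """List (url, suggested_root_form) for every URL with .well-known below the root."""
    return [(u, to_root_form(u)) for u in urls if classify(u)[0] == "prefixed"]

if __name__ == "__main__":
    for url, suggestion in audit(SAMPLES):
        print(f"{url}\n  -> {suggestion}")
```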
