Eve, thank you for writting this document. I consider it a good starting point for a discussion about client registration and discovery. Will you propose this as a WG item?
My comments & questions: You propose a host-meta based discovery of the registration endpoint on the authz server. Could this mechanism be used for discovering all AS endpoints, e.g. tokens and end-user authorization? How is a UMA requestor envisioned to discover the auth server? I think host-meta based client discovery could be to limited since it does not allow (at least in my understanding) to serve different clients (or their home web apps) on the same host. What about using JRD or XRD? This would allow for a client-URL-related discovery. What means for authentication a client against its home web app. do you envision? regards, Torsten. Am 10.08.2010 um 21:31 schrieb Eve Maler <e...@xmlgrrl.com>: > Folks-- The UMA group has produced the following I-D as input to the OAuth > discovery/registration/binding discussion. We wanted to set forth our > requirements (knowing that there may be other requirements from the wider > community) and propose some solutions that meet them. If further discussion > seems to warrant an updating of this draft, we're happy to do that. (If you > have interest in getting involved in UMA-specific work, feel free to drop me > a note.) > > Eve > > http://www.ietf.org/id/draft-oauth-dyn-reg-v1-00.txt > > Begin forwarded message: > >> From: IETF I-D Submission Tool <idsubmiss...@ietf.org> >> Date: 10 August 2010 12:23:59 PM PDT >> To: e...@xmlgrrl.com >> Cc: c...@comlounge.net, m.p.machu...@ncl.ac.uk >> Subject: New Version Notification for draft-oauth-dyn-reg-v1-00 >> >> >> A new version of I-D, draft-oauth-dyn-reg-v1-00.txt has been successfully >> submitted by Eve Maler and posted to the IETF repository. >> >> Filename: draft-oauth-dyn-reg-v1 >> Revision: 00 >> Title: OAuth Dynamic Client Registration Protocol >> Creation_date: 2010-08-10 >> WG ID: Independent Submission >> Number_of_pages: 20 >> >> Abstract: >> This specification proposes an OAuth Dynamic Client Registration >> protocol. >> >> >> >> The IETF Secretariat. >> >> > > > Eve Maler > http://www.xmlgrrl.com/blog > http://www.twitter.com/xmlgrrl > http://www.linkedin.com/in/evemaler > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
