Am 11.08.10 17:31, schrieb Torsten Lodderstedt: > >>> >>> >> >>> How is a UMA requestor envisioned to discover the auth server? >> >> On the Host side the user can tell it which AM (in UMA terms it's an >> Authorization Manager, some sort of extended AS) to use or it might be >> discovered via webfinger or similar means. >> >> The process for requesters is up to discussion a bit right now. In my >> prototype the Host is telling the Requester which AM is registered to >> the resource it tries to access. Then client registration can start from >> there. > > How does the Host tell the requester? I would imagine using host-meta, too.
The URI of the AM's resource token endpoint is included in the WWW-Authenticate header. From there on it's host-meta discovery for all necessary data. So yes. (and the Host knows which AM to include because it knows which resource was registered with which AM) Very rough version: http://mrtopf.clprojects.net/uma/draft-uma-core.html#anchor9 -- Christian > > regards, > Torsten. > >> >>> I think host-meta based client discovery could be to limited since it >>> does not allow (at least in my understanding) to serve different >>> clients (or their home web apps) on the same host. What about using >>> JRD or XRD? This would allow for a client-URL-related discovery. >> >> You are right. The question here might be if the LRDD part is being used >> or if maybe directly point to the client spec which would save one >> redirection. Not sure if we need to add a type field in this case, too >> (e.g. if JRD or XRD). I would favour to use only one format (JRD) though. >> >> >> -- Christian >> >>> What means for authentication a client against its home web app. do >>> you envision? >>> >>> regards, Torsten. >>> >>> Am 10.08.2010 um 21:31 schrieb Eve Maler <e...@xmlgrrl.com>: >>> >>>> Folks-- The UMA group has produced the following I-D as input to >>>> the OAuth discovery/registration/binding discussion. We wanted to >>>> set forth our requirements (knowing that there may be other >>>> requirements from the wider community) and propose some solutions >>>> that meet them. If further discussion seems to warrant an updating >>>> of this draft, we're happy to do that. (If you have interest in >>>> getting involved in UMA-specific work, feel free to drop me a >>>> note.) >>>> >>>> Eve >>>> >>>> http://www.ietf.org/id/draft-oauth-dyn-reg-v1-00.txt >>>> >>>> Begin forwarded message: >>>> >>>>> From: IETF I-D Submission Tool <idsubmiss...@ietf.org> Date: 10 >>>>> August 2010 12:23:59 PM PDT To: e...@xmlgrrl.com Cc: >>>>> c...@comlounge.net, m.p.machu...@ncl.ac.uk Subject: New Version >>>>> Notification for draft-oauth-dyn-reg-v1-00 >>>>> >>>>> >>>>> A new version of I-D, draft-oauth-dyn-reg-v1-00.txt has been >>>>> successfully submitted by Eve Maler and posted to the IETF >>>>> repository. >>>>> >>>>> Filename: draft-oauth-dyn-reg-v1 Revision: 00 Title: >>>>> OAuth Dynamic Client Registration Protocol Creation_date: >>>>> 2010-08-10 WG ID: Independent Submission Number_of_pages: >>>>> 20 >>>>> >>>>> Abstract: This specification proposes an OAuth Dynamic Client >>>>> Registration protocol. >>>>> >>>>> >>>>> >>>>> The IETF Secretariat. >>>>> >>>>> >>>> >>>> >>>> Eve Maler http://www.xmlgrrl.com/blog >>>> http://www.twitter.com/xmlgrrl http://www.linkedin.com/in/evemaler >>>> >>>> _______________________________________________ OAuth mailing list >>>> OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth >>> _______________________________________________ OAuth mailing list >>> OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth >> >> >> -- >> Christian Scholz Homepage: http://comlounge.net >> COM.lounge GmbH http://mrtopf.de/blog >> Hanbrucher Str. 33 http://twitter.com/mrtopf >> 52064 Aachen Skype: HerrTopf >> Tel: +49 241 400 730 0 c...@comlounge.net >> Fax: +49 241 979 00 850 IRC: MrTopf >> >> Podcasts: >> Der OpenWeb-Podcast (http://openwebpodcast.de) >> Data Without Borders (http://datawithoutborders.net) >> Politisches: http://politfunk.de/ >> Technical: http://comlounge.tv/ >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth -- Christian Scholz Homepage: http://comlounge.net COM.lounge GmbH http://mrtopf.de/blog Hanbrucher Str. 33 http://twitter.com/mrtopf 52064 Aachen Skype: HerrTopf Tel: +49 241 400 730 0 c...@comlounge.net Fax: +49 241 979 00 850 IRC: MrTopf Podcasts: Der OpenWeb-Podcast (http://openwebpodcast.de) Data Without Borders (http://datawithoutborders.net) Politisches: http://politfunk.de/ Technical: http://comlounge.tv/ _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
