Am 11.08.2010 um 17:40 schrieb Christian Scholz <c...@comlounge.net>:
> Am 11.08.10 17:31, schrieb Torsten Lodderstedt:
>>
>>>>
>>>>
>>>
>>>> How is a UMA requestor envisioned to discover the auth server?
>>>
>>> On the Host side the user can tell it which AM (in UMA terms it's an
>>> Authorization Manager, some sort of extended AS) to use or it might be
>>> discovered via webfinger or similar means.
>>>
>>> The process for requesters is up to discussion a bit right now. In my
>>> prototype the Host is telling the Requester which AM is registered to
>>> the resource it tries to access. Then client registration can start from
>>> there.
>>
>> How does the Host tell the requester? I would imagine using host-meta, too.
>
> The URI of the AM's resource token endpoint is included in the
> WWW-Authenticate header. From there on it's host-meta discovery for all
> necessary data. So yes.
>
> (and the Host knows which AM to include because it knows which resource
> was registered with which AM)
>
> Very rough version:
> http://mrtopf.clprojects.net/uma/draft-uma-core.html#anchor9
>
So sending an unauthorized request is the only way to discover the AM?
regards,
Torsten.
>
> -- Christian
>
>
>
>
>>
>> regards,
>> Torsten.
>>
>>>
>>>> I think host-meta based client discovery could be to limited since it
>>>> does not allow (at least in my understanding) to serve different
>>>> clients (or their home web apps) on the same host. What about using
>>>> JRD or XRD? This would allow for a client-URL-related discovery.
>>>
>>> You are right. The question here might be if the LRDD part is being used
>>> or if maybe directly point to the client spec which would save one
>>> redirection. Not sure if we need to add a type field in this case, too
>>> (e.g. if JRD or XRD). I would favour to use only one format (JRD) though.
>>>
>>>
>>> -- Christian
>>>
>>>> What means for authentication a client against its home web app. do
>>>> you envision?
>>>>
>>>> regards, Torsten.
>>>>
>>>> Am 10.08.2010 um 21:31 schrieb Eve Maler <e...@xmlgrrl.com>:
>>>>
>>>>> Folks-- The UMA group has produced the following I-D as input to
>>>>> the OAuth discovery/registration/binding discussion. We wanted to
>>>>> set forth our requirements (knowing that there may be other
>>>>> requirements from the wider community) and propose some solutions
>>>>> that meet them. If further discussion seems to warrant an updating
>>>>> of this draft, we're happy to do that. (If you have interest in
>>>>> getting involved in UMA-specific work, feel free to drop me a
>>>>> note.)
>>>>>
>>>>> Eve
>>>>>
>>>>> http://www.ietf.org/id/draft-oauth-dyn-reg-v1-00.txt
>>>>>
>>>>> Begin forwarded message:
>>>>>
>>>>>> From: IETF I-D Submission Tool <idsubmiss...@ietf.org> Date: 10
>>>>>> August 2010 12:23:59 PM PDT To: e...@xmlgrrl.com Cc:
>>>>>> c...@comlounge.net, m.p.machu...@ncl.ac.uk Subject: New Version
>>>>>> Notification for draft-oauth-dyn-reg-v1-00
>>>>>>
>>>>>>
>>>>>> A new version of I-D, draft-oauth-dyn-reg-v1-00.txt has been
>>>>>> successfully submitted by Eve Maler and posted to the IETF
>>>>>> repository.
>>>>>>
>>>>>> Filename: draft-oauth-dyn-reg-v1 Revision: 00 Title:
>>>>>> OAuth Dynamic Client Registration Protocol Creation_date:
>>>>>> 2010-08-10 WG ID: Independent Submission Number_of_pages:
>>>>>> 20
>>>>>>
>>>>>> Abstract: This specification proposes an OAuth Dynamic Client
>>>>>> Registration protocol.
>>>>>>
>>>>>>
>>>>>>
>>>>>> The IETF Secretariat.
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> Eve Maler http://www.xmlgrrl.com/blog
>>>>> http://www.twitter.com/xmlgrrl http://www.linkedin.com/in/evemaler
>>>>>
>>>>> _______________________________________________ OAuth mailing list
>>>>> OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
>>>> _______________________________________________ OAuth mailing list
>>>> OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
>>>
>>>
>>> --
>>> Christian Scholz Homepage: http://comlounge.net
>>> COM.lounge GmbH http://mrtopf.de/blog
>>> Hanbrucher Str. 33 http://twitter.com/mrtopf
>>> 52064 Aachen Skype: HerrTopf
>>> Tel: +49 241 400 730 0 c...@comlounge.net
>>> Fax: +49 241 979 00 850 IRC: MrTopf
>>>
>>> Podcasts:
>>> Der OpenWeb-Podcast (http://openwebpodcast.de)
>>> Data Without Borders (http://datawithoutborders.net)
>>> Politisches: http://politfunk.de/
>>> Technical: http://comlounge.tv/
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>
>
> --
> Christian Scholz Homepage: http://comlounge.net
> COM.lounge GmbH http://mrtopf.de/blog
> Hanbrucher Str. 33 http://twitter.com/mrtopf
> 52064 Aachen Skype: HerrTopf
> Tel: +49 241 400 730 0 c...@comlounge.net
> Fax: +49 241 979 00 850 IRC: MrTopf
>
> Podcasts:
> Der OpenWeb-Podcast (http://openwebpodcast.de)
> Data Without Borders (http://datawithoutborders.net)
> Politisches: http://politfunk.de/
> Technical: http://comlounge.tv/
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
