Hi Mike,
Am 19.04.2012 18:48, schrieb Mike Jones:
There are two criteria that I would consider to be essential requirements for
any resulting general-purpose discovery specification:
1. Being able to always discover per-user information with a single GET
(minimizing user interface latency for mobile devices, etc.)
Is this a requirement from an OpenID Connect perspective? I'm asking
because I think a user is not always the starting point of a discovery
process in the more general OAuth case. In my opinion there is a need to
discover
(1) the authorization server a particular resource server relies on
("www.example.com/webdav" --> "as.example.com" and
(2) the properties of this authz server ("as.example.com" --> tokens,
authz, revocation endpoints, grant types, ...).
How would this work with SWD or WebFinger?
regards,
Torsten.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
