Hi guys, at the last IIW we had a discussion about SASL-OAuth and what the SASL server needs to know for discovery. The discovery discussions around WebFinger go in the same directions.
So, I have been wondering whether we have made an informed decision about how the discovery procedure is actually supposed to look like. In my view, the relying party (the client) only needs to know who the identity provider (the AS/RS) is. Any other views? Ciao Hannes PS: Please let me know if I should provide more background about the issue. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
