The lookup is based on the identifier provided by the user. It can have a user 
portion in the format of a URI https://j...@example.com, 
https://example.com/john or anything else where you can extract the domain.

The user portion is necessary to allow for per-user IdP delegation. Otherwise 
only one IdP per host could be supported.

John B.


On 2012-05-09, at 2:42 PM, Hannes Tschofenig wrote:

> Hi John, 
> 
> does the "identifier" consist of a domain part AND a username part or only 
> the domain part? 
> That's the crucial question here. 
> 
> Ciao
> Hannes
> 
> On May 9, 2012, at 9:20 PM, John Bradley wrote:
> 
>> For OpenID Connect we are using the identifier to discover the AS. We 
>> refer to that as an issuer, and perform a second discovery step to get the 
>> configuration (Auth endpoint, token endpoint, user_info endpoint and other 
>> config) for that issuer.
>> 
>> SWD/WF may be used for other things by other protocols, but our use is quite 
>> simple.
>> 
>> I think that is probably the same thing for SASL, but others may think 
>> differently.
>> 
>> John B.
>> 
>> 
>> On 2012-05-09, at 1:50 PM, Hannes Tschofenig wrote:
>> 
>>> Hi guys, 
>>> 
>>> at the last IIW we had a discussion about SASL-OAuth and what the SASL 
>>> server needs to know for discovery. 
>>> The discovery discussions around WebFinger go in the same direction. 
>>> 
>>> So, I have been wondering whether we have made an informed decision about 
>>> what the discovery procedure is actually supposed to look like. 
>>> 
>>> In my view, the relying party (the client) only needs to know who the 
>>> identity provider (the AS/RS) is. 
>>> 
>>> Any other views? 
>>> 
>>> Ciao
>>> Hannes
>>> 
>>> PS: Please let me know if I should provide more background about the issue. 
>>> 
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>> 
> 
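
Added example, not part of the original thread or of any project's code: the two-step discovery described above (identifier to issuer, then issuer to configuration), with the host extracted from each identifier shape the message mentions. The well-known paths and the `rel` value are assumptions taken from the later-published RFC 7033 (WebFinger) and OpenID Connect Discovery 1.0, not from the 2012 drafts under discussion; function names and sample identifiers are constructed.

```python
from urllib.parse import urlsplit, urlencode

# Link relation defined by OpenID Connect Discovery 1.0 (published after this thread).
ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"


def split_identifier(identifier):
    """Return (host, resource): host receives the discovery query, resource is
    the whole identifier (user portion included) so the host can delegate
    each user to a different IdP."""
    ident = identifier.strip().split("#", 1)[0]          # fragments are not sent
    if "://" not in ident and not ident.startswith("acct:"):
        # Bare input: user@host becomes acct:, anything else becomes https://
        head = ident.split("/", 1)[0]
        ident = ("acct:" if "@" in head else "https://") + ident
    if ident.startswith("acct:"):
        user, _, host = ident[5:].rpartition("@")
        if not user or not host or set(host) & set("/?:"):
            raise ValueError("acct identifier must be user@host")
        return host.lower(), ident
    parts = urlsplit(ident)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("only https or acct identifiers are accepted")
    # Drop any userinfo before '@' so it is never mistaken for the host.
    return parts.netloc.rpartition("@")[2].lower(), ident


def issuer_query_url(identifier):
    """Step 1: ask the identifier's host which issuer serves this user."""
    host, resource = split_identifier(identifier)
    query = urlencode({"resource": resource, "rel": ISSUER_REL})
    return f"https://{host}/.well-known/webfinger?{query}"


def config_url(issuer):
    """Step 2: where the discovered issuer publishes its endpoints."""
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.hostname or parts.query or parts.fragment:
        raise ValueError("issuer must be an https URL without query or fragment")
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


if __name__ == "__main__":
    # Constructed identifiers in the three shapes the message mentions.
    for ident in ("alice@example.com", "https://example.com/alice", "example.com"):
        print(ident, "->", issuer_query_url(ident))
    print(config_url("https://idp.example.net"))  # constructed issuer
```

Because the full identifier travels in `resource`, the host can return a different issuer for each user; a client that fetches the configuration should also confirm that the `issuer` value it contains equals the issuer it asked about.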
