Re: [OAUTH-WG] OAuth discovery registration.

Wed, 13 Jun 2012 08:48:29 -0700 

On 6/13/12 9:27 AM, William Mills wrote:
> 
> Since for the OAUTH SASL mechanism I need discovery for clients to
> work, and I had to rip the in-band discovery out of that mechanism,
> and I need it defined somewhere, I've drafted a small doc for the
> registration of link relation types for OAuth.  It's too late in the
> process to get this into the core OAuth 2 spec, and it doesn't really
> fit in the WebFinger. Submission info provided below.

Hi Bill, overall this looks good. A few nits:

OLD
   This document defines the LRDD [RFC5988] link type registrations for
   the OAuth [I-D.ietf-oauth-v2] authentication framework.  These link
   types are used during the endpoint discovery process using Web Host
   Metadata [I-D.hammer-hostmeta] and Webfinger
   [I-D.jones-appsawg-webfinger] by clients needing to discover the
   authentication endpoints for a service or site.  It additionally
   defines link type registrations for OAuth 1.0a [RFC5849].

NEW
   This document defines the Link-based Resource Descriptor
   Documents (LRDD) [RFC6415] link type registrations for the
   OAuth [I-D.ietf-oauth-v2] authorization framework.  These link
   types are used during the endpoint discovery process using Web
   Host Metadata [RFC6415] and Webfinger
   [I-D.jones-appsawg-webfinger] by clients needing to discover the
   authorization, token, and access token endpoints for an OAuth2
   service or site.  It additionally defines link type registrations for
OAuth
   1.0a [RFC5849] request initiation endpoints, authorization endpoints,
   and token endpoints.

In Section 4.1.1, you register an "OAuth 2 Authentication Endpoint",
however draft-ietf-oauth-v2 defines only an authorization endpoint, a
token endpoint, and an access token endpoint. Whence this
"authentication endpoint"? Is it just a typo?

Also, is the lack of a link type for OAuth2 access token endpoints an
oversight? It seems so.

You have "Reference: [[this document]]" but I think you want:

Reference: draft-ietf-oauth-v2

and

Reference: RFC 5849

You can remove the reference for draft-hammer-hostmeta (RFC 6415 has
what you need).

Peter

-- 
Peter Saint-Andre
https://stpeter.im/




_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to