The client_update operation in http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-03 does something different than the operation upon which it was based from http://openid.net/specs/openid-connect-registration-1_0-13.html. Specifically, while the OpenID Connect operation replaces all field values, the OAuth operation allows only selective fields to be replaced, designating fields to remain unchanged by specifying their value as the empty string ("").
I'm personally not happy with the change to the semantics of client field inclusion. Updating some but not all fields is a substantially more complicated operation than replacing all fields. Is there some use case that motivates this? I don't think it's a substantial burden on the registering party to remember all the field values from the initial registration and then selectively use them for update operations, when needed. Then the work goes to the (I suspect rare) parties that need partial update - not to every server. It complicates the simple case, rather than pushing the complexity to the rare case, violating the design principle "make simple things simple and make more complicated things possible". Is anyone opposed to updating the OAuth Registration semantics to match the Connect registration semantics? Is so, why? Thanks, -- Mike
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth