The client_update operation in 
http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-03 does something different 
than the operation upon which it was based from 
http://openid.net/specs/openid-connect-registration-1_0-13.html.  Specifically, 
while the OpenID Connect operation replaces all field values, the OAuth 
operation allows only selective fields to be replaced, designating fields to 
remain unchanged by specifying their value as the empty string ("").

I'm personally not happy with the change to the semantics of client field 
inclusion.  Updating some but not all fields is a substantially more 
complicated operation than replacing all fields.  Is there some use case that 
motivates this?  I don't think it's a substantial burden on the registering 
party to remember all the field values from the initial registration and then 
selectively use them for update operations, when needed.  Then the work goes to 
the (I suspect rare) parties that need partial update - not to every server.  
It complicates the simple case, rather than pushing the complexity to the rare 
case, violating the design principle "make simple things simple and make more 
complicated things possible".

Is anyone opposed to updating the OAuth Registration semantics to match the 
Connect registration semantics?  Is so, why?

                                                                Thanks,
                                                                -- Mike

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to