Hi Phil, Hi Tony, Hi all,
I re-read the document and I believe the most important concept it
introduces is the classification of different associations, namely into
'static', 'dynamic', and 'transient'. This is certainly something
worthwhile to discuss during the meeting and to ensure that it is well
understood, and that there are only these three classes (rather than two
or four).
The description in the introduction makes the differentiation between
the three concepts mostly based on how the endpoints are configured in
the application.
With the static association the endpoint is hard-coded into the software
during the development time. It cannot be changed. With the two other
cases the endpoint can be changed. As such, the difference between the
'dynamic' and 'transient' association seems to be in terms of how
long the lifetime of the association is. Now, what exactly is the lifetime
of an association? Is the lifetime of the association understood as the
lifetime of the configured endpoint identifier?
Then, when I re-read the text in Section 1 again, I suddenly get the
impression that the lifetime of the association actually does not matter
but instead the difference is rather whether the client is public or
confidential. Is that true?
If it isn't true that this is the feature that makes the distinction
between 'dynamic' and 'transient', then the notion of "public" vs.
"confidential" client isn't too important for the rest of the document.
Ciao
Hannes
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth