Just to give more context, at IETF 94, I have done a presentation on
discovery.
According to the minutes,
(f) Discovery (Nat)
Nat explains his document as an example of the work that
has to be done
in the area of discovery, which is a topic that has been identified
as necessary for interoperability since many years but so far there
was not time to work on it. Mike, John and Nat are working on a new
document that describes additional discovery-relevant components.
Poll: 19 for / zero against / 4 persons need more information.
The document discussed there was
https://tools.ietf.org/html/draft-sakimura-oauth-meta-05. This is a simple
(only 1-page!) but a very powerful document that nudges towards HATEOAS
which is at the core of RESTful-ness. It also mitigates the Mix-up attack
without introducing the concept of issuer which is not in RFC6749. It is
also good for selecting different endpoints depending on the user
authentication and authorization results and more privacy sensitive than
pre-announced Discovery document. It also allows you to find to which
protected resource endpoint you can use the access token against.
In the last sentence of the minutes, it talks about "a new document that
describes additional discovery-relevant components". This is
https://tools.ietf.org/html/draft-jones-oauth-discovery-00. It went for
the call for adoption. However, it is only a half of the story. I believe
https://tools.ietf.org/html/draft-sakimura-oauth-meta-05 that was discussed
at IETF 94 and had support there should be adopted as well.
Nat Sakimura
2016年1月20日(水) 12:05 Nat Sakimura <sakim...@gmail.com>:
> Thanks Hannes.
>
> I did not find https://tools.ietf.org/html/draft-sakimura-oauth-meta-05, which
> was discussed in Yokohama, and was largely in agreement if my recollection
> is correct. Why is it not in the call for adoption?
>
>
>
> 2016年1月19日(火) 20:39 Hannes Tschofenig <hannes.tschofe...@gmx.net>:
>
>> Hi all,
>>
>> we have submitted our new charter to the IESG (see
>> http://www.ietf.org/mail-archive/web/oauth/current/msg15379.html) and
>> since some IESG members like to see an updated list of milestones as
>> well. For this reason, based on a suggestion from Barry, we are also
>> starting a call for adoption concurrently with the review of the charter
>> text by the IESG.
>>
>> We will post separate mails on the individual documents. Your feedback
>> is important! Please take the time to look at the documents and provide
>> your feedback.
>>
>> Ciao
>> Hannes & Derek
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
