> 3 feb 2016 kl. 00:48 skrev Phil Hunt <phil.h...@oracle.com>: > > > Item 2: rel value for webfinger > It seems to me while the discovery requirements for plain OAuth and OIDC are > the same for today that might not always be true. What will happen if OIDC > wants to add more stuff? Will plain oAuth sites have to comply? > > A client may want to know both the OAuth discovery endpoint information for a > resource AND it might want to know the OIDC discovery information. They > endpoints might not always be the same - how do we tell them apart?
I’ve (we’ve) had exactly this problem in the UMA use-case. Which is just one example where an AS may have OAuth2 or OIDC parentage. So, I support having different real values. — Roland
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
