There is a more general problem in PaaS deployment about how RA and AS infrastructure discover and coordinate with each other. For the most part this hasn't been necessary since usually the AS and RS are controlled by the same admins. But in PaaS/IaaS the requirements vary widely.
How does an RS indicate to an AS what tokens it is able to support (directly or indirectly via a security module)? And then subsequently for the AS and RS to let the client know? We need to broaden discovery to cover all the scenarios so that automated and secure config of AS/RS/Tkn/Reg/RS entities works.

Phil

> On Feb 8, 2016, at 07:04, John Bradley <ve7...@ve7jtb.com> wrote:
>
> The RS is going to have to advertise what presentment mechanisms it supports.
>
> We don’t have that yet. I suspect that it might be part of OAuth Discovery.
> Currently that mostly covers AS discovery, but for the RS I could see doing a
> HEAD on the resource and getting back a link to a JSON document that would
> contain meta-data about the RS.
>
> The standard OAuth answer to this question is the client would get it from
> the service documentation, but that is not really scalable.
>
>
>> On Feb 5, 2016, at 5:30 AM, Ludwig Seitz <lud...@sics.se> wrote:
>>
>> On 02/04/2016 05:14 PM, John Bradley wrote:
>>> In https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution
>>>
>>> The proof key is included in the access token or provided out of band.
>>>
>>> The proof mechanism to the RS is what would determine if the key type needs
>>> to match DTLS.
>>> If the proof is DTLS then they would need to match.
>>
>> Thank you John, this leads me to another question (maybe I just missed it in
>> the PoP drafts): Who decides what the proof mechanism should be? How is the
>> proof mechanism signaled to the client (the client may support several proof
>> mechanisms)?
>>
>> /Ludwig
>>
>>
>> --
>> Ludwig Seitz, PhD
>> SICS Swedish ICT AB
>> Ideon Science Park
>> Building Beta 2
>> Scheelevägen 17
>> SE-223 70 Lund
>>
>> Phone +46(0)70 349 9251
>> http://www.sics.se
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth