+1 for "OAuth 2.0 Authorization Server Discovery” from those two options.
But what about "OAuth 2.0 Authorization Server Metadata”? The document in its current scope (which I agree with, BTW) isn't really about discovery so much as about describing the metadata at some well-known(ish) resource. On Sat, Feb 27, 2016 at 10:48 AM, Mike Jones <michael.jo...@microsoft.com> wrote: > It’s clear that people want us to move to the name “OAuth 2.0 > Authorization Server Discovery”. The editors will plan to make that > change in the draft addressing Working Group Last Call comments. > > > > Thanks all, > > -- Mike > > > > *From:* Samuel Erdtman [mailto:sam...@erdtman.se] > *Sent:* Saturday, February 27, 2016 6:47 AM > *To:* Mike Jones <michael.jo...@microsoft.com> > *Cc:* Vladimir Dzhuvinov <vladi...@connect2id.com>; oauth@ietf.org > > *Subject:* Re: [OAUTH-WG] OAuth 2.0 Discovery Location > > > > +1 for “OAuth 2.0 Authorization Server Discovery” > > > > //Samuel > > > > On Thu, Feb 25, 2016 at 8:10 PM, Mike Jones <michael.jo...@microsoft.com> > wrote: > > Thanks for your thoughts, Vladimir. I’m increasingly inclined to accept > your suggestion to change the title from “OAuth 2.0 Discovery” to “OAuth > 2.0 Authorization Server Discovery”. While the abstract already makes it > clear that the scope of the document is AS discovery, doing so in the title > seems like it could help clarify things, given that a lot of the discussion > seems to be about resource discovery, which is out of scope of the document. > > > > I’m not saying that resource discovery isn’t important – it is – but > unlike authorization server discovery, where there’s lots of existing > practice, including using the existing data format for describing OAuth > implementations that aren’t being used with OpenID Connect, there’s no > existing practice to standardize for resource discovery. The time to > create a standard for that seems to be after existing practice has > emerged. It **might** or might not use new metadata values in the AS > discovery document, but that’s still to be determined. The one reason to > leave the title as-is is that resource discovery might end up involving > extensions to this metadata format in some cases. > > > > I think an analogy to the core OAuth documents RFC 6749 and RFC 6750 > applies. 6749 is about the AS. 6750 is about the RS. The discovery > document is about the AS. We don’t yet have a specification or existing > practice for RS discovery, which would be the 6750 analogy. > > > > In summary, which title do people prefer? > > · “OAuth 2.0 Discovery” > > · “OAuth 2.0 Authorization Server Discovery” > > > > <OAuth@ietf.org> > > > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
