I'm fine with this clarification as it is more correctly describes the
purpose of the document.
Thanks,
George
On 2/29/16 5:34 PM, Brian Campbell wrote:
+1 for "OAuth 2.0 Authorization Server Discovery” from those two options.
But what about "OAuth 2.0 Authorization Server Metadata”?
The document in its current scope (which I agree with, BTW) isn't
really about discovery so much as about describing the metadata at
some well-known(ish) resource.
On Sat, Feb 27, 2016 at 10:48 AM, Mike Jones
<michael.jo...@microsoft.com <mailto:michael.jo...@microsoft.com>> wrote:
It’s clear that people want us to move to the name “OAuth 2.0
Authorization Server Discovery”. The editors will plan to make
that change in the draft addressing Working Group Last Call comments.
Thanks all,
-- Mike
*From:*Samuel Erdtman [mailto:sam...@erdtman.se
<mailto:sam...@erdtman.se>]
*Sent:* Saturday, February 27, 2016 6:47 AM
*To:* Mike Jones <michael.jo...@microsoft.com
<mailto:michael.jo...@microsoft.com>>
*Cc:* Vladimir Dzhuvinov <vladi...@connect2id.com
<mailto:vladi...@connect2id.com>>; oauth@ietf.org
<mailto:oauth@ietf.org>
*Subject:* Re: [OAUTH-WG] OAuth 2.0 Discovery Location
+1 for “OAuth 2.0 Authorization Server Discovery”
//Samuel
On Thu, Feb 25, 2016 at 8:10 PM, Mike Jones
<michael.jo...@microsoft.com <mailto:michael.jo...@microsoft.com>>
wrote:
Thanks for your thoughts, Vladimir. I’m increasingly inclined
to accept your suggestion to change the title from “OAuth 2.0
Discovery” to “OAuth 2.0 Authorization Server Discovery”.
While the abstract already makes it clear that the scope of
the document is AS discovery, doing so in the title seems like
it could help clarify things, given that a lot of the
discussion seems to be about resource discovery, which is out
of scope of the document.
I’m not saying that resource discovery isn’t important – it is
– but unlike authorization server discovery, where there’s
lots of existing practice, including using the existing data
format for describing OAuth implementations that aren’t being
used with OpenID Connect, there’s no existing practice to
standardize for resource discovery. The time to create a
standard for that seems to be after existing practice has
emerged. It **might** or might not use new metadata values in
the AS discovery document, but that’s still to be determined.
The one reason to leave the title as-is is that resource
discovery might end up involving extensions to this metadata
format in some cases.
I think an analogy to the core OAuth documents RFC 6749 and
RFC 6750 applies. 6749 is about the AS. 6750 is about the
RS. The discovery document is about the AS. We don’t yet
have a specification or existing practice for RS discovery,
which would be the 6750 analogy.
In summary, which title do people prefer?
·“OAuth 2.0 Discovery”
·“OAuth 2.0 Authorization Server Discovery”
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
