There is significant overlap between this draft and the concepts brought to the OAuth WG at the last IETF meeting by Ben Schwartz, which he also presented to the HTTPAPI WG. After that meeting, I volunteered to work with Ben on adapting his concepts to a model that would fit better within the OAuth framework. I published an early draft, which I am planning on presenting at the next IETF meeting. https://datatracker.ietf.org/doc/draft-parecki-oauth-authorization-server-discovery/
During the HTTPAPI and OAuth sessions at IETF 115, there were many concerns expressed by various people in the groups about establishing and enabling this kind of relationship, which would also apply to this Resource Metadata draft. I believe there should be further discussions about the concepts described here as well as how best to enable other working groups to take advantage of this kind of relationship between an RS and AS before adopting this particular draft. Aaron On Sat, Jan 28, 2023 at 5:21 PM David Waite <david= [email protected]> wrote: > I support adoption by the working group. > > -DW > > On Jan 24, 2023, at 2:38 AM, Giuseppe De Marco <[email protected]> > wrote: > > Hello everybody, > > I would like to bring to your attention this expired draft: > https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/ > > I propose the take up this individual draft for its adoption as an > official internet draft. > The reason I ask this is that there are implementations of this draft born > with the need to have metadata for entities of type RS. > > The implementation of which I am aware concerns the Italian "Attribute > Authorities" [0]. OpenID Federation draft also defines the metadata of the > oauth_resource type [1], taking up the elements defined in the draft in > question. Recently, an interesting reflection seems to have arisen also in > OpenID4VCI/OpenID4VP [2]. > > Thank you for your attention, I hope to read your valuable feedback soon, > best > > [0] https://italia.github.io/spid-cie-oidc-docs/en/metadata_aa.html > [1] > https://openid.net/specs/openid-connect-federation-1_0.html#section-4.7 > [2] > https://bitbucket.org/openid/connect/issues/1781/do-new-entity-types-required-for-oid4vp > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
