Hi all,
my preference would be for option 1; this was my first recommendation
due to my conviction that the session-based approach didn't fit some
clients well.
However, I do believe that we need to take some time to be sure that
what could be defined in the second document couldn't impact on the
first one.
For example, IMO, we should agree on the same set of (hopefully non-PII)
claims that can be used by both clients and servers acting as RPs.
From this perspective, I don't think the current document could be ready
for WGLC as is and, at the same time, I recognize that option 2 would
avoid the risk of inconsistencies between the two docs.
Sorry for not having a definitive position on this point :-(
Best,
Mario
On 14/11/2022 15:09, Hollenbeck, Scott wrote:
We need to decide what to do with draft-ietf-regext-rdap-openid and web
service clients. Our choices:
1. Finish the draft as-is, noting that it's limited to clients that can
implement OpenID Connect flows and can process session cookies. This implies
that we need another draft to describe OAuth-like token processing for clients
and servers that need that capability.
2. Add text to the draft that describes OAuth-like token processing for
clients and servers that need that capability.
My preference is for the first option.
Scott
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
--
Dott. Mario Loffredo
Technological Unit “Digital Innovation”
Institute of Informatics and Telematics (IIT)
National Research Council (CNR)
via G. Moruzzi 1, I-56124 PISA, Italy
Phone: +39.0503153497
Web: http://www.iit.cnr.it/mario.loffredo