+1
(1) is crystal-clear and is a must, as far as I am concerned. (2) would
definitely help as a catch-all for unauthorized requests.
Igor
Torsten Lodderstedt wrote:
Would it make sense to support two scenarios? (1) Discovery as described in my original
posting independent of "functional" re
Yes.
> -Original Message-
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of William Mills
> Sent: Wednesday, August 04, 2010 9:05 AM
> To: Torsten Lodderstedt
> Cc: OAuth WG (oauth@ietf.org)
> Subject: Re: [OAUTH-WG] OAuth Discovery
th-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On
> >> Behalf Of Torsten Lodderstedt
> >> Sent: Wednesday, August 04, 2010 12:39 AM
> >> To: Torsten Lodderstedt
> >> Cc: OAuth WG (oauth@ietf.org)
> >> Subject: Re: [OAUTH-WG] OAuth Disco
rg)
Subject: Re: [OAUTH-WG] OAuth Discovery Requirements
Would it make sense to support two scenarios? (1) Discovery
as described in my original posting independent of
"functional" requests. (2) Discovery for unauthorized
requests (WWW-Authenticate header).
The later might be a lightwei
n Behalf Of Torsten Lodderstedt
> Sent: Wednesday, August 04, 2010 12:39 AM
> To: Torsten Lodderstedt
> Cc: OAuth WG (oauth@ietf.org)
> Subject: Re: [OAUTH-WG] OAuth Discovery Requirements
>
> Would it make sense to support two scenarios? (1) Discovery
> as described in my origin
Would it make sense to support two scenarios? (1) Discovery as described in my
original posting independent of "functional" requests. (2) Discovery for
unauthorized requests (WWW-Authenticate header).
The later might be a lightweight variant of the first scenario.
regards,
Torsten.
Am 02.08
onday, August 02, 2010 1:47 PM
> > To: Torsten Lodderstedt
> > Cc: OAuth WG (oauth@ietf.org)
> > Subject: Re: [OAUTH-WG] OAuth Discovery Requirements
> >
> > Does anyone see value in client discovery?
> >
> > A client starts a transaction with an authz server w
Behalf Of Marius Scurtescu
> Sent: Monday, August 02, 2010 1:47 PM
> To: Torsten Lodderstedt
> Cc: OAuth WG (oauth@ietf.org)
> Subject: Re: [OAUTH-WG] OAuth Discovery Requirements
>
> Does anyone see value in client discovery?
>
> A client starts a transaction with an
Does anyone see value in client discovery?
A client starts a transaction with an authz server without doing any
registration beforehand. Based on the client id (which can be a URL or
a domain name) the authz server can discover information about the
client, information that normally is provided du
