Jim Schaad <i...@augustcellars.com> writes: > As promised I finally got finished with this review. > > 1. Need to decide if /token, /introspect and /authz-info are under > /.well-defined or not. If they are then this needs to be noted and there > needs to be an IANA action if this has not already been done for OAuth.
Another option would be more flexible: You could have a well-defined (and IANA-registered) resource type that allows linking to the token- introspect and authz-info endpoints. In the /.well-known/core of as.example.com, you would find </token>;rt="auth-request" or, in a resource directory, you could link to as.example.com's token endpoint as follows: </token>;rt="auth-request";anchor="coaps://as.example.com/" Grüße Olaf _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace