No idea. I am not sure yet what the discovery requirements are. For example, are clients expected to be familiar with each of the token-obtaining profiles and just need a single URI for each supported mechanism? XRD is useful for describing a bunch of links for such endpoints, but it might just be that the discovery information can be provided directly in the header.
Until we know what OAuth 2.0 looks like, we can't really discuss discovery much. Is there a reason why you are asking now? EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Paul C. Bryan > Sent: Wednesday, February 24, 2010 9:30 AM > To: [email protected] > Subject: [OAUTH-WG] OAuth XRD? > > This is a message directed mostly at Eran: > > Is the OAuth 2.0 discovery mechanism still expected to be via a "provider" > attribute in the WWW-Authenticate header, or is host-meta expected to > take over? > > Paul > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
