I agree that a goal of any OAuth dynamic registration work should be that it
can be extended to meet the requirements of the OpenID Connect use case. I'm
sure that extensions would be required, as the Connect registration spec
intentionally has knowledge built into it that is specific to choices made in
Connect. For instance, it provides ways to specify requested signature and
encryption algorithms for JWTs used as ID Tokens and for signing and/or
encrypting UserInfo Endpoint responses; it allows requested Authentication
Context Class References to be specified, etc.
If a generic OAuth dynamic registration spec can't be extended to meet these
use case needs, that would be a clear failure. Extensions would be needed
because this more specific functionality would likely not be in the more
generic, presumably token-type-agnostic OAuth spec.
Also, as a timing issue, I expect the OpenID Connect specs to be final before
there's a complete OAuth dynamic registration spec, for what it's worth.
-- Mike
From: [email protected] [mailto:[email protected]] On Behalf Of
Justin Richer
Sent: Thursday, March 22, 2012 10:36 AM
To: [email protected]
Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering
I think it's a matter of politics and semantics: The real question is what do
we officially build the IETF version off of? The WG can't officially start with
the OIDF document due to IETF process, which makes sense. But there's nothing
that says we can't start with Thomas's draft and be heavily influenced by the
Connect draft, and make a new one as a real starting point for conversation.
If the Connect implementation still needs specific things, it can extend or
profile the IETF version, and remain an OIDF document that normatively
references the IETF document. This is where I see some real value -- the WG can
focus on making a solid interoperable registration piece that different
applications can extend and use as they see fit for the particulars of their
use cases.
Does this pass muster with everyone?
-- Justin
On 03/22/2012 01:26 PM, Mike Jones wrote:
I agree with John that submitting the OpenID Connect dynamic client
registration spec to the IETF would make no sense. It is intentionally
specific to the requirements of the Connect use case.
I sent the link to it only so people could compare them, if interested.
-- Mike
________________________________
From: John Bradley
Sent: 3/22/2012 9:43 AM
To: Phil Hunt
Cc: Mike Jones; [email protected]<mailto:[email protected]>
Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering
It is a OIDF spec at the moment. We don't have any plan to submit it currently.
If there is a WG desire for that to happen the OIDF board would have to discuss
making a submission.
All in all I don't know that it is worth the IPR Lawyer time, as Thomas has a
quite similar ID Submission.
Anything is possible however.
John B.
On 2012-03-22, at 1:24 PM, Phil Hunt wrote:
Would the plan be for the Connect Registration spec to be submitted to IETF so
they can become WG drafts?
The spec seems like a good starting point.
Phil
@independentid
[The entire original message is not included.]
_______________________________________________
OAuth mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
