I've incorporated a number of changes and added examples. Thanks to all for the feedback. I can do a new draft any time if that's useful.
-bill ----- Original Message ----- > From: Peter Saint-Andre <[email protected]> > To: William Mills <[email protected]> > Cc: O Auth WG <[email protected]>; Apps Discuss <[email protected]> > Sent: Wednesday, June 13, 2012 8:48 AM > Subject: Re: [OAUTH-WG] OAuth discovery registration. > > On 6/13/12 9:27 AM, William Mills wrote: >> >> Since for the OAUTH SASL mechanism I need discovery for clients to >> work, and I had to rip the in-band discovery out of that mechanism, >> and I need it defined somewhere, I've drafted a small doc for the >> registration of link relation types for OAuth. It's too late in the >> process to get this into the core OAuth 2 spec, and it doesn't really >> fit in the WebFinger. Submission info provided below. > > Hi Bill, overall this looks good. A few nits: > > OLD > This document defines the LRDD [RFC5988] link type registrations for > the OAuth [I-D.ietf-oauth-v2] authentication framework. These link > types are used during the endpoint discovery process using Web Host > Metadata [I-D.hammer-hostmeta] and Webfinger > [I-D.jones-appsawg-webfinger] by clients needing to discover the > authentication endpoints for a service or site. It additionally > defines link type registrations for OAuth 1.0a [RFC5849]. > > NEW > This document defines the Link-based Resource Descriptor > Documents (LRDD) [RFC6415] link type registrations for the > OAuth [I-D.ietf-oauth-v2] authorization framework. These link > types are used during the endpoint discovery process using Web > Host Metadata [RFC6415] and Webfinger > [I-D.jones-appsawg-webfinger] by clients needing to discover the > authorization, token, and access token endpoints for an OAuth2 > service or site. It additionally defines link type registrations for > OAuth > 1.0a [RFC5849] request initiation endpoints, authorization endpoints, > and token endpoints. > > In Section 4.1.1, you register an "OAuth 2 Authentication Endpoint", > however draft-ietf-oauth-v2 defines only an authorization endpoint, a > token endpoint, and an access token endpoint. Whence this > "authentication endpoint"? Is it just a typo? > > Also, is the lack of a link type for OAuth2 access token endpoints an > oversight? It seems so. > > You have "Reference: [[this document]]" but I think you want: > > Reference: draft-ietf-oauth-v2 > > and > > Reference: RFC 5849 > > You can remove the reference for draft-hammer-hostmeta (RFC 6415 has > what you need). > > Peter > > -- > Peter Saint-Andre > https://stpeter.im/ > _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
