It is pretty obvious these refer to the two well-defined endpoints in section 3. I will add a reference next to the locations to make this even clearer.

There is no such endpoint as client authentication as a location. OAuth core clearly defines three endpoints for which two are extensible via registration. Anything else is out of scope. No other changes are needed or appropriate.

EH

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf
> Of Hannes Tschofenig
> Sent: Sunday, June 24, 2012 6:18 AM
> To: OAuth WG
> Subject: [OAUTH-WG] OAuth Parameter Registration Template
>
> Hi all,
>
> working on the proposed text for the OAuth assertions draft I noticed an
> interesting aspect in the core specification regarding Section 11.2.1, which
> defines the registration template for OAuth parameters.
>
> The template lists all possible usage locations of parameters, namely
> authorization request, authorization response, token request, or token
> response.
>
> Here is the first issue: these locations are not defined anywhere in the
> document and so one can only guess to what part of the protocol exchange
> they belong.
>
> I agree that it may not be very difficult to guess but obviously it is not
> completely obvious. It would have been nice if there is actually a match with
> Figure 1, for example.
>
> http://tools.ietf.org/html/draft-ietf-oauth-assertions-03, for example, uses a
> location that is not in the above list, namely 'client authentication'.
>
> Client authentication can also happen in the interaction between the client
> and the resource server but the exchanges are not part of the allowed list of
> usage locations.
>
> Ciao
> Hannes
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
