Hi. Sorry that I have not been actively monitoring / commenting on the draft. I still have not looked at it in detail, but here are some of the comments that I have now:
General ------------ Instead of XML, I suggest using a JSON format, as OAuth 2.0 is all JSON at this point. OpenID Connect has been working on Dynamic Registration for sometime. They have larger set of things to register naturally but it could be a “profiled extension” of this spec. So, closer coordination would be good. Perhaps we can harmonize. 7.2 Client Discovery ---------------------------------- Clients may share the authority section of the URL, that they are only distinguished via path. So, we need a way of supporting such clients. Using a single host-meta to support all the clients in the same host pauses deployment issues, so it is better to be able to pull the registration date from the directory that the application is hosted. Hope these helps. -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
