Interesting use case, and not dissimilar to some others I've heard. How would you go about tracking this? Why would the instances need to know about each other?
One possible approach would be to use a common initializing Request Access Token that is used to call client_register on all instances of a given client. They wouldn't know about each other, per se, but the Authorization Server would at least know enough to be able to tie them together. There's also the OAuth2 Instance Information extension that I had tried to push a few years ago that comes up every now and again, that might be of use here with some modifications: http://tools.ietf.org/html/draft-richer-oauth-instance-00 I think I'd like to know more about your concerns and the parameters of your use case first. I am CC'ing the IETF OAuth Working Group email list, where this draft is being discussed and worked on. -- Justin On Jan 10, 2013, at 4:24 PM, "Boone, Keith W (GE Healthcare)" <[email protected]<mailto:[email protected]>> wrote: I would like to be able to use this protocol to dynamically register clients, but am challenged by the fact that there could be multiple instances of a public client, each unaware of what others have done. The current protocol doesn't seem to address this. Keith _________________________________ Keith W. Boone Standards Architect GE Healthcare M +1 617 640 7007 [email protected]<mailto:[email protected]> www.gehealthcare.com<http://www.gehealthcare.com/> 116 Huntington Ave Boston, MA 02116 USA GE imagination at work
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
