Hi Justin,
the new revision seems to catch the state of discussion and is
consistent. Thank's for bringing this topic forward.
On your editor's not in section 4.2.: In my opinion, the 404 due to a
none-existing resource should precede the 403. I would suggest to point
out your thoughts on the access token. But as with any HTTP request,
there could be other ways to authenticate to this endpoint. I therefore
would not connect both aspects to much.
section 4.3
"This request MUST include all fields described in Client Metadata
(Section 2) as returned to the Client from a previous register, read,
or update operation."
Just to make sure I got it. Any data element omitted in this request is
deleted/reset by the AS?
section 5.1
Something seems to be missing at
"The response contains the following fields:
, as well as a Client Secret if this client is a confidential client."
regards,
Torsten.
Am 15.02.2013 23:00, schrieb Richer, Justin P.:
Everyone, there's a new draft of DynReg up on the tracker. This draft tries to
codify the discussions so far from this week into something we can all read.
There are still plenty of open discussion points and items up for debate.
Please read through this latest draft and see what's changed and help assure
that it properly captures the conversations. If you have any inputs for the
marked [[ Editor's Note ]] sections, please send them to the list by next
Thursday to give me opportunity to get any necessary changes in by the cutoff
date of Monday the 22nd.
Thanks for all of your hard work everyone, I think this is *really* coming
along now.
-- Justin
On Feb 15, 2013, at 4:54 PM, [email protected] wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : OAuth Dynamic Client Registration Protocol
Author(s) : Justin Richer
John Bradley
Michael B. Jones
Maciej Machulak
Filename : draft-ietf-oauth-dyn-reg-06.txt
Pages : 21
Date : 2013-02-15
Abstract:
This specification defines an endpoint and protocol for dynamic
registration of OAuth Clients at an Authorization Server.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-dyn-reg
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-06
A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dyn-reg-06
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
