The core spec actually already does speak to this question, Bill.
http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-16#section-3 says:
In some cases, authorization servers MAY choose to accept a software
statement value directly as a Client ID in an authorization request,
without a prior dynamic client registration having been performed.
The circumstances under which an authorization server would do so,
and the specific software statement characteristics required in this
case, are beyond the scope of this specification.
This spec is about dynamic registration, and how to accomplish it. In the case
where registration isn't used, other specs or conventions would be needed,
which are out of scope for the dynamic registration work (by definition!).
Cheers,
-- Mike
From: OAuth [mailto:[email protected]] On Behalf Of Bill Mills
Sent: Saturday, April 05, 2014 10:13 PM
To: Torsten Lodderstedt
Cc: [email protected]
Subject: Re: [OAUTH-WG] Working Group Last Call on Dynamic Client Registration
Documents
To me the fundamental question of whether a client has to be registered in each
place it is used is quite significant. We don't address the problem and have
not discussed it enough.
-bill
On Friday, April 4, 2014 11:39 PM, Torsten Lodderstedt
<[email protected]<mailto:[email protected]>> wrote:
Hi Bill,
which scalability problem are you referring to? As far as I remember there were
issues around the management API but not the core protocol.
regards,
Torsten.
Am 04.04.2014 um 18:41 schrieb Bill Mills
<[email protected]<mailto:[email protected]>>:
Given the fundamental scalability problem we discussed in London do we really
feel we're ready?
On Friday, April 4, 2014 3:07 AM, Hannes Tschofenig
<[email protected]<mailto:[email protected]>> wrote:
Hi all,
This is a Last Call for comments on the dynamic client registration
documents:
* OAuth 2.0 Dynamic Client Registration Core Protocol
http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-16
* OAuth 2.0 Dynamic Client Registration Metadata
http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-metadata-00
Since we have to do the last call for these two documents together we
are setting the call for **3 weeks**.
Please have your comments in no later than April 25th.
Ciao
Hannes & Derek
_______________________________________________
OAuth mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
