OpenID Connect defines how it happens for OpenID Connect. Other dynamic OAuth use cases still definitely need this.
From: Phil Hunt [mailto:[email protected]] Sent: Sunday, April 06, 2014 10:49 AM To: Mike Jones Cc: [email protected] Subject: Re: [OAUTH-WG] Working Group Last Call on Dynamic Client Registration Documents So in other words, OpenID Connect defines (or should define) how this happens. There is no need for the Dyn Reg spec to clarify this right? Phil @independentid www.independentid.com<http://www.independentid.com> [email protected]<mailto:[email protected]> On Apr 6, 2014, at 10:44 AM, Mike Jones <[email protected]<mailto:[email protected]>> wrote: As a point of clarity, OpenID Connect does not mandate support for dynamic registration in all cases. In static profiles with a pre-established set of identity providers, it isn't required. It *is* required in the dynamic profile, in which clients can use identity providers that they have no pre-existing relationship with. -- Mike From: OAuth [mailto:[email protected]] On Behalf Of Torsten Lodderstedt Sent: Sunday, April 06, 2014 12:59 AM To: Bill Mills Cc: [email protected]<mailto:[email protected]> Subject: Re: [OAUTH-WG] Working Group Last Call on Dynamic Client Registration Documents I think it is at the discretion of the actual deployment whether clients may dynamically register or not (meaning they need to go through some oob mechanism). Protocols utilizing OAuth could make it part of their mandatory to implement features - in the same way OIDC does. Best regards, Torsten. Am 06.04.2014 um 07:12 schrieb Bill Mills <[email protected]<mailto:[email protected]>>: To me the fundamental question of whether a client has to be registered in each place it is used is quite significant. We don't address the problem and have not discussed it enough. -bill On Friday, April 4, 2014 11:39 PM, Torsten Lodderstedt <[email protected]<mailto:[email protected]>> wrote: Hi Bill, which scalability problem are you referring to? As far as I remember there were issues around the management API but not the core protocol. regards, Torsten. Am 04.04.2014 um 18:41 schrieb Bill Mills <[email protected]<mailto:[email protected]>>: Given the fundamental scalability problem we discussed in London do we really feel we're ready? On Friday, April 4, 2014 3:07 AM, Hannes Tschofenig <[email protected]<mailto:[email protected]>> wrote: Hi all, This is a Last Call for comments on the dynamic client registration documents: * OAuth 2.0 Dynamic Client Registration Core Protocol http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-16 * OAuth 2.0 Dynamic Client Registration Metadata http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-metadata-00 Since we have to do the last call for these two documents together we are setting the call for **3 weeks**. Please have your comments in no later than April 25th. Ciao Hannes & Derek _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
