+1 for "OAuth 2.0 Authorization Server Discovery” from those two options.
But what about "OAuth 2.0 Authorization Server Metadata”? The document in its current scope (which I agree with, BTW) isn't really about discovery so much as about describing the metadata at some well-known(ish) resource. On Sat, Feb 27, 2016 at 10:48 AM, Mike Jones <[email protected]> wrote: > It’s clear that people want us to move to the name “OAuth 2.0 > Authorization Server Discovery”. The editors will plan to make that > change in the draft addressing Working Group Last Call comments. > > > > Thanks all, > > -- Mike > > > > *From:* Samuel Erdtman [mailto:[email protected]] > *Sent:* Saturday, February 27, 2016 6:47 AM > *To:* Mike Jones <[email protected]> > *Cc:* Vladimir Dzhuvinov <[email protected]>; [email protected] > > *Subject:* Re: [OAUTH-WG] OAuth 2.0 Discovery Location > > > > +1 for “OAuth 2.0 Authorization Server Discovery” > > > > //Samuel > > > > On Thu, Feb 25, 2016 at 8:10 PM, Mike Jones <[email protected]> > wrote: > > Thanks for your thoughts, Vladimir. I’m increasingly inclined to accept > your suggestion to change the title from “OAuth 2.0 Discovery” to “OAuth > 2.0 Authorization Server Discovery”. While the abstract already makes it > clear that the scope of the document is AS discovery, doing so in the title > seems like it could help clarify things, given that a lot of the discussion > seems to be about resource discovery, which is out of scope of the document. > > > > I’m not saying that resource discovery isn’t important – it is – but > unlike authorization server discovery, where there’s lots of existing > practice, including using the existing data format for describing OAuth > implementations that aren’t being used with OpenID Connect, there’s no > existing practice to standardize for resource discovery. The time to > create a standard for that seems to be after existing practice has > emerged. It **might** or might not use new metadata values in the AS > discovery document, but that’s still to be determined. The one reason to > leave the title as-is is that resource discovery might end up involving > extensions to this metadata format in some cases. > > > > I think an analogy to the core OAuth documents RFC 6749 and RFC 6750 > applies. 6749 is about the AS. 6750 is about the RS. The discovery > document is about the AS. We don’t yet have a specification or existing > practice for RS discovery, which would be the 6750 analogy. > > > > In summary, which title do people prefer? > > · “OAuth 2.0 Discovery” > > · “OAuth 2.0 Authorization Server Discovery” > > > > <[email protected]> > > > >
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
