Hi Mike,
just read your spec and I'm also a bit confused about the "resource"
metadata element in section 2.
I would assume the metadata are provided for a certain resource server
managing a set of resources in a particular administrative domain. So I
would prefer to name the respective element "resource_server". In the
example George gave the URL would be
"https://idp.example.com/tenant/<tenantid>/". Resources managed by a
particular resource server could use sub-paths of the respective URL,
such as "https://idp.example.com/tenant/<tenantid>/users/<userid>".
best regards,
Torsten.
On 05.08.2016 at 02:10, George Fletcher wrote:
Mike, thanks for drafting and publishing these specifications. I have
a couple of questions regarding the
draft-jones-oauth-resource-metadata-00.
1. Is a "protected resource" a server or an actual API endpoint? The
non-normative examples use /.well-known/oauth-protected-resource and
/resource1/.well-known/oauth-protected-resource which is a little
unclear. I think of "resource" as something like "Mail" or "Instant
Messaging".
2. Assuming that "protected resource" means an actual API endpoint,
what is the expected location of the metadata for a fully REST
compliant API where the full URL points to a specific resource and not
the concept of a general API?
Using an example of an IdP that supports user management
capabilities. Let's assume the IdP supports a REST API of...
CREATE -- POST https://idp.example.com/tenant/<tenantid>/users
READ -- GET https://idp.example.com/tenant/<tenantid>/users/<userid>
UPDATE -- PUT https://idp.example.com/tenant/<tenantid>/users/<userid>
DELETE -- DELETE https://idp.example.com/tenant/<tenantid>/users/<userid>
Assuming there are 3 tenants (tenantA, tenantB, tenantB) and lots
of users. Where does the .well-known/oauth-protected-resource get
added?
??
https://idp.example.com/tenant/tenantA/users/1232234/.well-known/oauth-protected-resource
In this case would not the oauth-protected-resource metadata be
duplicated across the set of tenants and users? Is that the
desired behavior?
Thanks,
George
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth