Replies inline... -----Original Message----- From: OAuth [mailto:[email protected]] On Behalf Of Hannes Tschofenig Sent: Tuesday, March 7, 2017 10:46 AM To: [email protected]; Phil Hunt <[email protected]> Subject: [OAUTH-WG] Shepherd writeup for OAuth 2.0 Authorization Server Metadata
Hi all, here is the write-up: https://github.com/hannestschofenig/tschofenig-ids/blob/master/shepherd-writeups/Writeup_OAuth_Metadata.txt I need your feedback on the following issues: 1) Implementation & deployment status of the spec Microsoft has at least four deployments of the specification. William Denniss has said that Google uses the specification. I believe that Ping Identity also uses it. The specification is used by https://tools.ietf.org/html/draft-ietf-oauth-token-binding-01 and https://tools.ietf.org/html/draft-ietf-oauth-device-flow-04. 2) Working group summary (see below) (Particularly asking Phil whether this is a correct summary.) Rather than saying "feedback resulted in significant restructuring of the document" I would say "feedback resulted in focusing the scope of the specification, removing everything except for the authorization server metadata, which remained unchanged". 3) There are four normative references to non-IETF specifications (see below). I am wondering whether these are indeed necessary (as normative references). I believe that these normative references are all necessary, because they provide information necessary to implement normative portions of the specification. 4) Any other feedback? Glad this is finishing! Ciao Hannes ---- Working Group Summary Work on a discovery mechanism for OAuth was planned since a long time but it took till late 2015 before a document was submitted to the group, which re-used work done in the OpenID Foundation. When the WGLC was started in 2016, see https://www.ietf.org/mail-archive/web/oauth/current/msg15796.html, feedback resulted in significant restructuring of the document. Now, almost a year later these concerns have been resolved and the document is ready for publication. ---- [UNICODE] The Unicode Consortium, "The Unicode Standard", <http://www.unicode.org/versions/latest/>. [USA15] Davis, M. and K. Whistler, "Unicode Normalization Forms", Unicode Standard Annex 15, June 2015, <http://www.unicode.org/reports/tr15/>. [OAuth.Post] Jones, M. and B. Campbell, "OAuth 2.0 Form Post Response Mode", April 2015, <http://openid.net/specs/ oauth-v2-form-post-response-mode-1_0.html>. [OAuth.Responses] de Medeiros, B., Ed., Scurtescu, M., Tarjan, P., and M. Jones, "OAuth 2.0 Multiple Response Type Encoding Practices", February 2014, <http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html>. _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
