Replies inline...

-----Original Message-----
From: OAuth [mailto:[email protected]] On Behalf Of Hannes Tschofenig
Sent: Tuesday, March 7, 2017 10:46 AM
To: [email protected]; Phil Hunt <[email protected]>
Subject: [OAUTH-WG] Shepherd writeup for OAuth 2.0 Authorization Server Metadata

Hi all,

here is the write-up:
https://github.com/hannestschofenig/tschofenig-ids/blob/master/shepherd-writeups/Writeup_OAuth_Metadata.txt

I need your feedback on the following issues:

1) Implementation & deployment status of the spec

Microsoft has at least four deployments of the specification.  William Denniss 
has said that Google uses the specification.  I believe that Ping Identity also 
uses it.  The specification is used by 
https://tools.ietf.org/html/draft-ietf-oauth-token-binding-01 and 
https://tools.ietf.org/html/draft-ietf-oauth-device-flow-04.

2) Working group summary (see below)
(Particularly asking Phil whether this is a correct summary.)

Rather than saying "feedback resulted in significant restructuring of the 
document" I would say "feedback resulted in focusing the scope of the 
specification, removing everything except for the authorization server 
metadata, which remained unchanged".

3) There are four normative references to non-IETF specifications (see below). 
I am wondering whether these are indeed necessary (as normative references).

I believe that these normative references are all necessary, because they 
provide information necessary to implement normative portions of the 
specification.

4) Any other feedback?

Glad this is finishing!

Ciao
Hannes

----

Working Group Summary

   Work on a discovery mechanism for OAuth was planned since a long
   time but it took till late 2015 before a document was submitted
   to the group, which re-used work done in the OpenID Foundation.
   When the WGLC was started in 2016, see
   https://www.ietf.org/mail-archive/web/oauth/current/msg15796.html,
   feedback resulted in significant restructuring of the document.

   Now, almost a year later these concerns have been resolved and
   the document is ready for publication.


----

   [UNICODE]  The Unicode Consortium, "The Unicode Standard",
              <http://www.unicode.org/versions/latest/>.

   [USA15]    Davis, M. and K. Whistler, "Unicode Normalization Forms",
              Unicode Standard Annex 15, June 2015,
              <http://www.unicode.org/reports/tr15/>.

   [OAuth.Post]
              Jones, M. and B. Campbell, "OAuth 2.0 Form Post Response
              Mode", April 2015, <http://openid.net/specs/
              oauth-v2-form-post-response-mode-1_0.html>.

   [OAuth.Responses]
              de Medeiros, B., Ed., Scurtescu, M., Tarjan, P., and M.
              Jones, "OAuth 2.0 Multiple Response Type Encoding
              Practices", February 2014, 
<http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html>.

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to