> -----Original Message-----
> From: Pawel Kowalik <[email protected]>
> Sent: Tuesday, December 6, 2022 4:12 AM
> To: Hollenbeck, Scott <[email protected]>; [email protected]
> Subject: [EXTERNAL] Re: [regext] I-D Action: draft-ietf-regext-rdap-openid-19.txt
[SAH] I'm working on -20. I need a few more clarifications.
> - in Section 3.1.3 the sequence diagram for session-oriented clients should
> also contain RDAP server <-> OP interactions to correspond to the sequence
> diagram of token-oriented clients
[SAH] What exactly is missing that needs to be there? I see a number of RDAP
Server interactions with the OP in the existing diagram.
> - in Section 4.1 I propose to add an additional member to the object in the
> openidcProviders array:
>
> - "additionalAuthorizationQueryParams" being an object where each member
> represents a query parameter name and the value is the query parameter value
> This metadata will allow a Token-Oriented Client to trigger authorization
> with a specified OP through a Proxy OP, even if the iss and authorization
> endpoints are the same. With Keycloak as an example this can be controlled
> with the "kc_idp_hint" parameter, so the example configuration would be:
>
> "openidcProviders":
> [
>   {
>     "iss": "https://local-idp.rdap.example.com",
>     "name": "Example Public IDP",
>     "additionalAuthorizationQueryParams": {
>       "kc_idp_hint": "examplepublicidp"
>     }
>   }
> ]
[SAH] The RDAP server publishes support for
"additionalAuthorizationQueryParams". How would a client use this information,
or tell the RDAP server to do something with it as part of a query, Pawel?
Scott
_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
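
One way a token-oriented client could consume the proposed "additionalAuthorizationQueryParams" member, shown as an added example that is not part of the original thread or of the draft: it appends the published parameters to its own authorization request and refuses any that collide with parameters the client must control. The endpoint URL, the client values, the RESERVED set and the function name are assumptions made for illustration.

```python
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: parameters the client must set itself (names from RFC 6749,
# OpenID Connect Core and RFC 7636); server-published hints may not use them.
RESERVED = frozenset({
    "response_type", "client_id", "redirect_uri", "scope", "state", "nonce",
    "code_challenge", "code_challenge_method", "request", "request_uri",
})

# Constructed sample: one entry of the "openidcProviders" array from the thread.
PROVIDER = {
    "iss": "https://local-idp.rdap.example.com",
    "name": "Example Public IDP",
    "additionalAuthorizationQueryParams": {"kc_idp_hint": "examplepublicidp"},
}
# Constructed: normally taken from the issuer's OpenID Provider metadata.
ENDPOINT = "https://local-idp.rdap.example.com/authorize"


def build_authorization_url(endpoint, provider, client_id, redirect_uri):
    """Return (url, state, nonce) for an authorization code request."""
    parts = urlsplit(endpoint)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("authorization endpoint must be an https URL")
    extra = provider.get("additionalAuthorizationQueryParams", {})
    if not isinstance(extra, dict):
        raise ValueError("additionalAuthorizationQueryParams must be an object")
    for name, value in extra.items():
        if not isinstance(value, str):
            raise ValueError(f"value of {name!r} must be a string")
        if name in RESERVED:
            raise ValueError(f"published parameter {name!r} is reserved")
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = parse_qsl(parts.query, keep_blank_values=True)  # keep endpoint's own query
    query += [
        ("response_type", "code"), ("client_id", client_id),
        ("redirect_uri", redirect_uri), ("scope", "openid"),
        ("state", state), ("nonce", nonce),
    ]
    query += list(extra.items())  # e.g. kc_idp_hint selects the OP behind the proxy
    return urlunsplit(parts._replace(query=urlencode(query), fragment="")), state, nonce


if __name__ == "__main__":
    print(build_authorization_url(ENDPOINT, PROVIDER, "rdap-client",
                                  "https://client.example/callback")[0])
```

The returned state and nonce have to be kept by the client and checked against the authorization response and the ID token.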