Hello Scott,

Firstly, thank you for including both session-oriented and token-oriented 
client scenarios in this doc. Makes it easier for comparison.

Please find my input to your question below.

Regards,
Jasdip

On 1/26/23, 2:10 PM, "regext on behalf of Hollenbeck, Scott" 
<regext-boun...@ietf.org on behalf of 
shollenbeck=40verisign....@dmarc.ietf.org> wrote:

> >>> Yes, it's more work for servers, but it makes things easier for clients.
> >> [JB] I agree that the server development should follow Postel's law
> >> but why not add this as a capability in the
> >> farv1_openidcConfiguration structure, so what is implemented would be
> >> clear and won't break the principle.
> >> This concern is based on feedback I got from developers, including
> >> people maintaining RDAP servers. I think we may end up with partial
> >> implementations without a way to be aware that only one client type is
> >> supported.
> > [SAH] I'd really like to hear what others have to say about this. A server
> > that only supports one type of client won't be accessible to some number of
> > end users. That doesn't sound like a good thing.
>
> [ML] I support Julien's proposal.
>
> The token-based approach will be implemented with little to no effort while
> the session-based approach will take much more time.
>
> IMO, separating the implementation of the two approaches would enable
> implementers to easily comply with the spec.
>
> In addition, the token-based approach might be the only one practicable due
> to the server policy of accepting the authenticated requests from trusted
> clients only.

[SAH] Thanks for the feedback, Mario. I still don't think this is a good idea, 
but if mine is a minority opinion I'll update the text to remove the MUST and 
include config info so a server can describe the type(s) of clients it 
supports. Please folks, share an opinion now if you have one. Should a server 
be able to support one type of client only?

[JS] As much as we want to be liberal in accepting various usage scenarios from 
clients, I think there is merit in considering the implementation cost for 
RDAP servers. Tend to agree with Mario and Julien; allowing a server to signal 
the type of clients it supports should help speed up the server implementations 
for this proposal.


_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
