Hi all,

I was prompted by the discussion at the interim to look more closely at
what we say about the "default name" for endpoint URIs, e.g., the
authz-info endpoint.  The last paragraph of
https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-33#section-5.8.1
says:

   The default name of this endpoint in an url-path is '/authz-info',
   however implementations are not required to use this name and can
   define their own instead.

I've gotten advice from some URI experts that this doesn't give an
easy/discoverable path (pun intended) to using a non-default value, which
is problematic from the perspective of BCP 190 (and we should expect to get
discussed at IESG evaluation time).  This sort of issue goes away if we
allocate a well-known URI for authz-info from
https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml and
have that be the default.  In particular, that wouldn't actually stop any
deployments from using /authz-info, but it does mean they'd have to
knowingly "opt in" to doing so.

What do people think?

Thanks,

Ben

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
