draft-ietf-oauth-discovery-09.txt   draft-ietf-oauth-discovery-10.txt 
OAuth Working Group M. Jones OAuth Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track N. Sakimura Intended status: Standards Track N. Sakimura
Expires: August 30, 2018 NRI Expires: September 5, 2018 NRI
J. Bradley J. Bradley
Ping Identity Ping Identity
February 26, 2018 March 4, 2018
OAuth 2.0 Authorization Server Metadata OAuth 2.0 Authorization Server Metadata
draft-ietf-oauth-discovery-09 draft-ietf-oauth-discovery-10
Abstract Abstract
This specification defines a metadata format that an OAuth 2.0 client This specification defines a metadata format that an OAuth 2.0 client
can use to obtain the information needed to interact with an OAuth can use to obtain the information needed to interact with an OAuth
2.0 authorization server, including its endpoint locations and 2.0 authorization server, including its endpoint locations and
authorization server capabilities. authorization server capabilities.
Status of This Memo Status of This Memo
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 30, 2018. This Internet-Draft will expire on September 5, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 37 skipping to change at page 2, line 37
7.1.1. Registration Template . . . . . . . . . . . . . . . . 15 7.1.1. Registration Template . . . . . . . . . . . . . . . . 15
7.1.2. Initial Registry Contents . . . . . . . . . . . . . . 15 7.1.2. Initial Registry Contents . . . . . . . . . . . . . . 15
7.2. Updated Registration Instructions . . . . . . . . . . . . 18 7.2. Updated Registration Instructions . . . . . . . . . . . . 18
7.3. Well-Known URI Registry . . . . . . . . . . . . . . . . . 19 7.3. Well-Known URI Registry . . . . . . . . . . . . . . . . . 19
7.3.1. Registry Contents . . . . . . . . . . . . . . . . . . 19 7.3.1. Registry Contents . . . . . . . . . . . . . . . . . . 19
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 19
8.1. Normative References . . . . . . . . . . . . . . . . . . 19 8.1. Normative References . . . . . . . . . . . . . . . . . . 19
8.2. Informative References . . . . . . . . . . . . . . . . . 21 8.2. Informative References . . . . . . . . . . . . . . . . . 21
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 22 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 22
Appendix B. Document History . . . . . . . . . . . . . . . . . . 22 Appendix B. Document History . . . . . . . . . . . . . . . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25
1. Introduction 1. Introduction
This specification generalizes the metadata format defined by "OpenID This specification generalizes the metadata format defined by "OpenID
Connect Discovery 1.0" [OpenID.Discovery] in a way that is compatible Connect Discovery 1.0" [OpenID.Discovery] in a way that is compatible
with OpenID Connect Discovery, while being applicable to a wider set with OpenID Connect Discovery, while being applicable to a wider set
of OAuth 2.0 use cases. This is intentionally parallel to the way of OAuth 2.0 use cases. This is intentionally parallel to the way
that the "OAuth 2.0 Dynamic Client Registration Protocol" [RFC7591] that the "OAuth 2.0 Dynamic Client Registration Protocol" [RFC7591]
specification generalized the dynamic client registration mechanisms specification generalized the dynamic client registration mechanisms
defined by "OpenID Connect Dynamic Client Registration 1.0" defined by "OpenID Connect Dynamic Client Registration 1.0"
skipping to change at page 15, line 19 skipping to change at page 15, line 19
point sequences used to represent them. Furthermore, proposed point sequences used to represent them. Furthermore, proposed
registrations that use Unicode code points that can only be registrations that use Unicode code points that can only be
represented in JSON strings as escaped characters must not be represented in JSON strings as escaped characters must not be
accepted. accepted.
7.1.1. Registration Template 7.1.1. Registration Template
Metadata Name: Metadata Name:
The name requested (e.g., "issuer"). This name is case-sensitive. The name requested (e.g., "issuer"). This name is case-sensitive.
Names may not match other registered names in a case-insensitive Names may not match other registered names in a case-insensitive
manner unless the Designated Experts state that there is a manner (one that would cause a match if the Unicode toLowerCase()
compelling reason to allow an exception. operation were applied to both strings) unless the Designated
Experts state that there is a compelling reason to allow an
exception.
Metadata Description: Metadata Description:
Brief description of the metadata (e.g., "Issuer identifier URL"). Brief description of the metadata (e.g., "Issuer identifier URL").
Change Controller: Change Controller:
For Standards Track RFCs, list the "IESG". For others, give the For Standards Track RFCs, list the "IESG". For others, give the
name of the responsible party. Other details (e.g., postal name of the responsible party. Other details (e.g., postal
address, email address, home page URI) may also be included. address, email address, home page URI) may also be included.
Specification Document(s): Specification Document(s):
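Review bot: In the Metadata Name entry, the new parenthetical ties the case-insensitive match to "the Unicode toLowerCase() operation" but gives no reference for that operation and does not say it is locale-independent, so two Designated Experts could reach different answers for the same pair of names. Written with parentheses it reads like a programming-language method, and in some environments such a method depends on the default locale. The Unicode Standard also defines caseless matching through case folding rather than lowercasing. Suggest citing the Unicode Standard for the operation, stating that the comparison is locale-independent, and considering case folding as the comparison basis so that names differing only in case cannot both be registered.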
skipping to change at page 22, line 45 skipping to change at page 22, line 45
reviews of this specification: Shwetha Bhandari, Ben Campbell, Brian reviews of this specification: Shwetha Bhandari, Ben Campbell, Brian
Campbell, Brian Carpenter, William Denniss, Vladimir Dzhuvinov, Campbell, Brian Carpenter, William Denniss, Vladimir Dzhuvinov,
Donald Eastlake, Samuel Erdtman, George Fletcher, Dick Hardt, Phil Donald Eastlake, Samuel Erdtman, George Fletcher, Dick Hardt, Phil
Hunt, Alexey Melnikov, Tony Nadalin, Mark Nottingham, Eric Rescorla, Hunt, Alexey Melnikov, Tony Nadalin, Mark Nottingham, Eric Rescorla,
Justin Richer, Adam Roach, Hannes Tschofenig, and Hans Zandbelt. Justin Richer, Adam Roach, Hannes Tschofenig, and Hans Zandbelt.
Appendix B. Document History Appendix B. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-09 -10
o Clarified the meaning of "case-insensitive", as suggested by
Alexey Melnikov.
-09
o Revised the transformation between the issuer identifier and the o Revised the transformation between the issuer identifier and the
authorization server metadata location to conform to BCP 190, as authorization server metadata location to conform to BCP 190, as
suggested by Adam Roach. suggested by Adam Roach.
o Defined the characters allowed in registered metadata names and o Defined the characters allowed in registered metadata names and
values, as suggested by Alexey Melnikov. values, as suggested by Alexey Melnikov.
o Changed to using the RFC 8174 boilerplate instead of the RFC 2119 o Changed to using the RFC 8174 boilerplate instead of the RFC 2119
boilerplate, as suggested by Ben Campbell. boilerplate, as suggested by Ben Campbell.
 End of changes. 8 change blocks. 
8 lines changed or deleted 14 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/