[Openid-specs-ab] [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-01.txt

Richer, Justin P. jricher at mitre.org
Mon Nov 5 22:50:34 UTC 2012

I thought of this during the merge process as well -- "associate" is a direct import from OIDC. The reasoning behind this verb is that you're "associating" a set of client metadata to a particular client identifier.

I'd be happy to change this term to "client_register" if there's consensus for a  move to that terminology.

Also, forgot to mention this before: The latest version of it will always be on my github:


This has the added benefit of allowing you all to fork the repo, make edits, file issues, and make pull requests against the document in between uploads to the IETF datatracker.

 -- Justin

On Nov 5, 2012, at 5:38 PM, Tim Bray wrote:

Quick question: Why is it “association request”, not “registration request”?  Nearly everywhere the term “association” appears, it seems like you could insert “registration” and achieve better clarity. -T

On Mon, Nov 5, 2012 at 2:20 PM, Richer, Justin P. <jricher at mitre.org<mailto:jricher at mitre.org>> wrote:
This draft combines the best-usable parts UMA and OpenID Connect dynamic registration drafts into one document that's designed to facilitate dynamic client registration. I've significantly reorganized the document and I've tried to exorcise any obvious dependencies on OpenID Connect or UMA. This protocol follows the OpenID Connect registration model most closely, in that it's form-parameters in and JSON out (as opposed to JSON round trip). This matches the rest of the OAuth protocol. It's a push model only for metadata as well, but it allows clients to push updates.

General formatting is still rough, but I think that the text is mostly readable and complete. There are several Editor's Notes in the document that bring up what I consider to be open questions or issues with the functionality. One that I forgot to leave a note for is client unregistration. Does it make sense to provide mechanisms for a full lifecycle for well-behaved clients?

We'll be discussing this draft in person at the IETF meeting for the OAuth working group on Thursday for anybody who wants to throw tomatoes at me*.

 -- Justin

*Please do not actually throw tomatoes at me.

From: oauth-bounces at ietf.org<mailto:oauth-bounces at ietf.org> [oauth-bounces at ietf.org<mailto:oauth-bounces at ietf.org>] on behalf of internet-drafts at ietf.org<mailto:internet-drafts at ietf.org> [internet-drafts at ietf.org<mailto:internet-drafts at ietf.org>]
Sent: Monday, November 05, 2012 5:12 PM
To: i-d-announce at ietf.org<mailto:i-d-announce at ietf.org>
Cc: oauth at ietf.org<mailto:oauth at ietf.org>
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

        Title           : OAuth Dynamic Client Registration Protocol
        Author(s)       : Justin Richer
                          Thomas Hardjono
                          Maciej Machulak
                          Eve Maler
                          Christian Scholz
                          Nat Sakimura
                          John Bradley
                          Michael B. Jones
        Filename        : draft-ietf-oauth-dyn-reg-01.txt
        Pages           : 20
        Date            : 2012-11-05

   This specification proposes an OAuth Dynamic Client Registration

The IETF datatracker status page for this draft is:

There's also a htmlized version available at:

A diff from the previous version is available at:

Internet-Drafts are also available by anonymous FTP at:

OAuth mailing list
OAuth at ietf.org<mailto:OAuth at ietf.org>
OAuth mailing list
OAuth at ietf.org<mailto:OAuth at ietf.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20121105/c25383e8/attachment.html>

More information about the Openid-specs-ab mailing list