[Openid-specs-ab] Dynamic Client Registration

Nat Sakimura sakimura at gmail.com
Mon Feb 4 22:40:36 UTC 2013


2013/2/5 Mike Jones <Michael.Jones at microsoft.com>

>  This looks substantially better than the last version.  Thanks for doing
> it!
>

It was my blunder. I kept uploading the old version for a very silly
reason.


> ****
>
> ** **
>
> The one thing that immediately surprised me is that the client_update
> request doesn’t have a client_id parameter.  I realize that you’re
> expecting it to be inferred from the access token, but it would be a good
> cross-check to always include it – in part to make sure that the caller
> actually has the right client_id, and in part, so the “register” and
> “update” functions can easily be syntactically distinguished.
>

There are several reasons for it.

1.  d16 did not include client_id in the update request <-- biggest reason.
2. client_id can be inferred from the Self URL.
    In fact, it should include the client_id in some form that the server
likes.
3. client_id can be inferred from the Access Token as well.


> ****
>
> ** **
>
>                                                                 -- Mike***
> *
>
> ** **
>
> *From:* Nat Sakimura [mailto:sakimura at gmail.com]
> *Sent:* Monday, February 04, 2013 2:03 PM
> *To:* Mike Jones
> *Cc:* openid-specs-ab at lists.openid.net Group; Justin Richer
>
> *Subject:* Re: [Openid-specs-ab] Dynamic Client Registration****
>
> ** **
>
> OK. Now I have uploaded the correct Discussion Draft 17.
>
> HTML:
> http://nat.sakimura.org/wp-content/uploads/2013/02/draft-openid-connect-registration-1_0.html
> diff:
> http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0-diff-16-17.txt
> ****
>
>  XML:
> http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0.xml
> ****
>
> TXT (d16):
> http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0-d16.txt
> ****
>
> TXT (d17):
> http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0-d17.txt
> ****
>
>
> [Changes] ****
>
> -17 discussion version****
>
> **·         **Moved Terminology section out of Introduction to form an
> independent section and added several terminology definitions****
>
> **·         **Deleted the operation parameter****
>
> **·         **Deleted the rotate_secret****
>
> **·         **Added Client Read Request (GET)****
>
> **·         **Added Client Delete Request (DELETE)****
>
> **·         **Added "Self URL"****
>
> **·         **Added _links****
>
> **·         **Added Editor's Notes****
>
> **·         **Changed the Japanese client name to make it sound more
> natural****
>
> **·         **Added issued_at****
>
> **·         **Added client update example (that seems to be missing many
> parameters that were present in the registration request example)****
>
> **·         **Cleand up the indents****
>
> [Remarks] ****
>
>    - The operation parameter was removed but since the URL for the
>    registration and other operations are different, there should be no problem
>    in finding out what action should be taken. ****
>    - The URL for update etc. (Self URL) are given in _links/self/href.
>    For servers' backward compatibility with the current implementations, it
>    could be set like
>    https://server.example.com/connect/register?operation=client_update so
>    that the existing code is likely not break (if the web application
>    framework is putting GET and POST parameters together into an object) or
>    needs only minor change. Clients needs to read this value and store, so it
>    is a bigger change. ****
>
>  Unfortunately, I will be able to join the call only very briefly due to
> my flight schedule. ****
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en****
>



-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130205/770a5b9b/attachment.html>


More information about the Openid-specs-ab mailing list