[Openid-specs-ab] Extending OpenID Connect Discovery

John Bradley ve7jtb at ve7jtb.com
Mon Apr 7 15:52:04 UTC 2014


Updating and publishing a new discovery spec is a long process involving an all member vote.

A registry for new elements is probably more practical and the way most specs deal with extension elements like this.

UMA is it's own protocol (sort of) so having it's own discovery document for things that are doing UMA is fine.

I think the question is how to deal with OAuth extensions that may or may not be generally supported.

I seem to recall from looking at  Gluu's Connect discovery document that you were adding extra elements.

We need to avoid name collision and give people a way to discover what extension elements are.

In principal private elements should use URI for names to avoid conflict.  eg:
"http://gluu.org/uma-config": "http://seed.gluu.org/.well-known/uma-configuration"

So extensions of discovery are possible now but the registry makes them more useful.

John B.

On Apr 7, 2014, at 9:05 AM, Michael Schwartz <mike at gluu.org> wrote:

> 
> Other OAuth2 protocols can define their own Webfinger-style discovery mechanism.
> UMA uses a similar convention: <host>/.well-known/uma-configuration
> 
> For example, the OX demo server:
>  http://seed.gluu.org/.well-known/uma-configuration
> 
> Wouldn't any changes to the OpenID Connect discovery spec just be dealt with in a future version OpenID Connect?
> 
> thx,
> 
> Mike
> 
> 
> -------------------------------------
> Michael Schwartz
> Gluu
> Founder / CEO
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab



More information about the Openid-specs-ab mailing list