<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
The wouldn't a better approach be to take the constructs of LRDD and move them into the JSON world? Maybe using the HAL linking format that Nat's brought up.
<div><br>
</div>
<div>What bothers me is a bespoke solution for a generic problem in OIDC.<br>
<div><br>
</div>
<div> -- Justin</div>
<div><br>
<div>
<div>On Nov 8, 2012, at 12:37 PM, Mike Jones wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div>
<div>
<div style="font-family:Calibri,sans-serif; font-size:11pt">Part of what makes JSON more popular and successful than XML is that there *isn't* any usually-unnecessary metadata or introspection facilities built into the format. In my opinion, trying to superimpose
this structure on our use of JSON after the fact is both unnecessary and counter to what developers want.<br>
<br>
They're voting with their feet and we want their votes.<br>
<br>
-- Mike<br>
<br>
</div>
</div>
<hr>
<span style="font-family:Tahoma,sans-serif; font-size:10pt; font-weight:bold">From:
</span><span style="font-family:Tahoma,sans-serif; font-size:10pt">Nat Sakimura</span><br>
<span style="font-family:Tahoma,sans-serif; font-size:10pt; font-weight:bold">Sent:
</span><span style="font-family:Tahoma,sans-serif; font-size:10pt">11/8/2012 10:12 AM</span><br>
<span style="font-family:Tahoma,sans-serif; font-size:10pt; font-weight:bold">To:
</span><span style="font-family:Tahoma,sans-serif; font-size:10pt">Richer, Justin P.</span><br>
<span style="font-family:Tahoma,sans-serif; font-size:10pt; font-weight:bold">Cc:
</span><span style="font-family:Tahoma,sans-serif; font-size:10pt"><a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a> Group</span><br>
<span style="font-family:Tahoma,sans-serif; font-size:10pt; font-weight:bold">Subject:
</span><span style="font-family:Tahoma,sans-serif; font-size:10pt">Re: [Openid-specs-ab] OIDC Discovery and OAuth2 LRDD</span><br>
<br>
<div>P.S. You can see how I was feeling from my blog post
<div><br>
</div>
<div><a href="http://nat.sakimura.org/2012/09/16/uri-template-in-openid-connect-provider-configuration-response/">http://nat.sakimura.org/2012/09/16/uri-template-in-openid-connect-provider-configuration-response/</a></div>
<div><b><br>
</b></div>
<div>It predates <a href="http://datatracker.ietf.org/doc/draft-wmills-oauth-lrdd/">http://datatracker.ietf.org/doc/draft-wmills-oauth-lrdd/</a></div>
<div><br>
</div>
<div>Nat<br>
<br>
<div class="gmail_quote">On Thu, Nov 8, 2012 at 10:58 PM, Nat Sakimura <span dir="ltr">
<<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex">
It is a bit late in the game, but I do agree being able to express them in the link based structure (not LRDD though, it needs to be JSON) is nice.
<div><br>
</div>
<div>HAL or Hyper-meta schema would be good. </div>
<div><br>
</div>
<div>Note: none of them are RFC however, so we need to do something in that respect. </div>
<div><br>
</div>
<div>The only reason that it is a flat thing is that there were a strong desire to do very simple thing at the beginning. Maybe OAuth discovery document is simple enough that a flat schema makes sense, but OIDC configuration is complex enough that we may want
to consider an alternate format. </div>
<div><br>
</div>
<div>Having said that, there is a political issues as well. It is soooo late in the documents life cycle and as we do not want to give the community impression that we are still unstable, whether it is worth pursuing should be evaluated carefully. </div>
<div><br>
</div>
<div>Best, </div>
<div><br>
</div>
<div>Nat</div>
<div>
<div>
<div class="h5"><br>
<div class="gmail_quote">On Thu, Nov 8, 2012 at 12:43 AM, Richer, Justin P. <span dir="ltr">
<<a href="mailto:jricher@mitre.org" target="_blank">jricher@mitre.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex">
One of my longstanding complaints about OIDC Discovery is that while it tries to follow a generalizable process to find the issuer, the document that defines the server configuration is a completely bespoke JSON structure. I hadn't seen this document before,
but there was recently an admittedly-incomplete attempt by William Mills to put together a spec to define LRDD based discovery for OAuth2 endpoints and configuration parameters.<br>
<br>
<a href="http://datatracker.ietf.org/doc/draft-wmills-oauth-lrdd/" target="_blank">http://datatracker.ietf.org/doc/draft-wmills-oauth-lrdd/</a><br>
<br>
Shouldn't we be using some kind of host link-based configuration format like this instead of a new JSON document? Shouldn't we be trying to engage the larger service discovery community as opposed to just pasting something in for OIDC alone?<br>
<br>
-- Justin<br>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
</div>
</div>
<span class="HOEnZb"><font color="#888888">-- <br>
Nat Sakimura (=nat)
<div>Chairman, OpenID Foundation<br>
<a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en</div>
<br>
</font></span></div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
Nat Sakimura (=nat)
<div>Chairman, OpenID Foundation<br>
<a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</body>
</html>