[Openid-specs-ab] OIDC Discovery and OAuth2 LRDD
Richer, Justin P.
jricher at mitre.org
Wed Nov 7 15:43:57 UTC 2012
One of my longstanding complaints about OIDC Discovery is that while it tries to follow a generalizable process to find the issuer, the document that defines the server configuration is a completely bespoke JSON structure. I hadn't seen this document before, but there was recently an admittedly-incomplete attempt by William Mills to put together a spec to define LRDD based discovery for OAuth2 endpoints and configuration parameters.
http://datatracker.ietf.org/doc/draft-wmills-oauth-lrdd/
Shouldn't we be using some kind of host link-based configuration format like this instead of a new JSON document? Shouldn't we be trying to engage the larger service discovery community as opposed to just pasting something in for OIDC alone?
-- Justin
More information about the Openid-specs-ab
mailing list