[Openid-specs-ab] Add openid_configuration to basic profile
Mike Jones
Michael.Jones at microsoft.com
Tue Apr 7 04:46:18 UTC 2015
What we agreed to in the OpenID workshop today was that the RP certification software would require RPs to support configuration via the OP's .well-known/openid-configuration information. This was uncontroversial since all known RP software supports this and all known OPs publish their discovery information at .well-known/openid-configuration.
We also talked about adding language to http://openid.net/specs/openid-connect-basic-1_0.html recommending that basic RPs support the discovery functionality described in http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig. I'm fine with doing this.
Especially given that Core is a final specification, I'm not OK changing it to require implementation of discovery functionality. The good news is that marketplace forces and practical implementation considerations have already resulted in all known OPs implementing .well-known/openid-configuration. I don't think there's anything we need to do to the specs to reinforce this (although we could write an openid.net blog post to do so, if we think it's appropriate).
Cheers,
-- Mike
-----Original Message-----
From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Justin Richer
Sent: Monday, April 06, 2015 4:08 PM
To: Torsten Lodderstadt
Cc: openid-specs-ab at lists.openid.net Ab
Subject: Re: [Openid-specs-ab] Add openid_configuration to basic profile
I think it makes sense for it to be mandatory for the server to support it (so any client can count on it), optional for clients to use it overall (because there will always be constrained clients that don’t want to do another network call), and mandatory in the Basic Client profile.
— Justin
> On Apr 6, 2015, at 3:44 PM, Torsten Lodderstedt <torsten at lodderstedt.net> wrote:
>
> Hi all,
>
> during the OpenID workshop at IIW it became apparent that most OPs expect RPs to use the openid configuration to dynamically determine the OP's endpoints and properties. In my opinion this makes a lot of sense as it allows the OP to more easily manage changes to those aspects.
>
> I therefore would like to propose to add an explanation of the way this part of OIDC discovery works to the basic client profile document and potentially also make use of the OpenID configuration mandatory for RPs.
>
> kind regards,
> Torsten.