[Openid-specs-ab] OIDC Discovery and OAuth2 LRDD

Richer, Justin P. jricher at mitre.org
Wed Nov 7 15:43:57 UTC 2012


One of my longstanding complaints about OIDC Discovery is that while it tries to follow a generalizable process to find the issuer, the document that defines the server configuration is a completely bespoke JSON structure. I hadn't seen this document before, but there was recently an admittedly-incomplete attempt by William Mills to put together a spec to define LRDD based discovery for OAuth2 endpoints and configuration parameters. 

http://datatracker.ietf.org/doc/draft-wmills-oauth-lrdd/

Shouldn't we be using some kind of host link-based configuration format like this instead of a new JSON document? Shouldn't we be trying to engage the larger service discovery community as opposed to just pasting something in for OIDC alone?

 -- Justin


More information about the Openid-specs-ab mailing list