<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.hoenzb
{mso-style-name:hoenzb;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Sounds good. Are you also making the changes to both that appear to be agreed to – removing the operation parameter and rotate_secret and putting the client_id
parameter back for the update operation?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> -- Mike<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> openid-specs-ab-bounces@lists.openid.net [mailto:openid-specs-ab-bounces@lists.openid.net]
<b>On Behalf Of </b>Nat Sakimura<br>
<b>Sent:</b> Saturday, February 02, 2013 9:13 AM<br>
<b>To:</b> Vladimir Dzhuvinov / NimbusDS<br>
<b>Cc:</b> openid-specs-ab@lists.openid.net Group<br>
<b>Subject:</b> Re: [Openid-specs-ab] Dynamic Client Registration<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">P.S. I am editing registration and oauth-dyn-reg so that they will be in the same format and can be easily compared. <o:p></o:p></p>
<div>
<p class="MsoNormal">I can probably share them tomorrow. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Nat<o:p></o:p></p>
<div>
<p class="MsoNormal">2013/2/2 Nat Sakimura <<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>><o:p></o:p></p>
<p class="MsoNormal">Hi Vladimir,<o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">I think there should be client_id in the request as well. <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">See <a href="http://www.ietf.org/mail-archive/web/oauth/current/msg10636.html" target="_blank">http://www.ietf.org/mail-archive/web/oauth/current/msg10636.html</a> on what I think. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">In fact, I like it to go even further, but that may be too big a departure. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">The cleanest way is to do like <a href="http://www.ietf.org/mail-archive/web/oauth/current/msg10643.html" target="_blank">http://www.ietf.org/mail-archive/web/oauth/current/msg10643.html</a> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">but to avoid the path pollution, we would have to introduce URI template (RFC6570) <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">and that means the client always need to be able to parse URI template <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">and that is probably asking too much to the client. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#888888"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#888888">Nat<o:p></o:p></span></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">2013/2/2 Vladimir Dzhuvinov / NimbusDS <<a href="mailto:vladimir@nimbusds.com" target="_blank">vladimir@nimbusds.com</a>><o:p></o:p></p>
<p class="MsoNormal">Thank you John for explaining the story behind the current spec.<o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<br>
> I would like to remove rotate_secret as it is not restful for<br>
> those that care and not especially useful.<o:p></o:p></p>
</div>
<p class="MsoNormal">If we think in terms of REST and CRUD, is there a scenario where a<br>
client may want to unregister? E.g. for an IdP service that is paid<br>
for?<br>
<br>
I also have a real case with a customer who wishes to add an optional<br>
manual registration UI which should speak to the dynamic registration<br>
endpoint for all requests:<br>
<br>
(1) client admin registering app,<br>
<br>
(2) client admin viewing existing registered app details,<br>
<br>
(3) client admin updating registered app details,<br>
<br>
(4) client admin deleting app registration.<br>
<br>
<br>
The current endpoint spec that we have covers (1) and (3); (2) is<br>
however only indirectly covered, using the update operation as a work<br>
around, and (4) not at all.<br>
<br>
The missing "client_id" from update operations also makes it hard for<br>
trusted third parties, such as the server hosting the manual reg UI, to<br>
handle updates, because the access_token is directly tied to the<br>
client_id and is used to derive it. If the client_id was specified<br>
explicitly we could then issue an access_token the reg UI server for all<br>
update operations.<br>
<span style="color:#888888"><br>
<br>
Vladimir</span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><o:p></o:p></p>
</div>
</div>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal">-- <br>
Nat Sakimura (=nat)<o:p></o:p></p>
<div>
<p class="MsoNormal">Chairman, OpenID Foundation<br>
<a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <br>
Nat Sakimura (=nat)<o:p></o:p></p>
<div>
<p class="MsoNormal">Chairman, OpenID Foundation<br>
<a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en<o:p></o:p></p>
</div>
</div>
</div>
</body>
</html>