<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
tt
{mso-style-priority:99;
font-family:"Courier New","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:431053059;
mso-list-template-ids:403730244;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:949119644;
mso-list-template-ids:2132682654;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">You wrote: “</span>Explicit code branch is always better than the implicit one unless there is other compelling reasons such as security. <o:p></o:p></p>
<p class="MsoNormal">The code will be simpler, too.<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">” I agree. That’s why we should continue requiring that the client_id be present on update operations – to enable an explicit
code branch.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I disagree that having multiple endpoints is simpler than having one. But I’m not going to go back and forth on that in e-mail this afternoon. A common understanding
is more likely to be reach during a phone call than e-mail debates.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> -- Mike</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Nat Sakimura [mailto:sakimura@gmail.com]
<br>
<b>Sent:</b> Wednesday, February 06, 2013 2:02 PM<br>
<b>To:</b> Mike Jones<br>
<b>Cc:</b> openid-specs-ab@lists.openid.net Group; Justin Richer<br>
<b>Subject:</b> Re: [Openid-specs-ab] Dynamic Client Registration<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class="MsoNormal">2013/2/6 Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">You’re welcome. Thanks for doing the discussion draft. Comments in-line in blue.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> -- Mike</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Nat Sakimura [mailto:<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>]
<br>
<b>Sent:</b> Wednesday, February 06, 2013 12:56 AM</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><br>
<b>To:</b> Mike Jones<br>
<b>Cc:</b> <a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a> Group; Justin Richer<br>
<b>Subject:</b> Re: [Openid-specs-ab] Dynamic Client Registration<o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Thanks Mike, <o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt">Comments in-line: <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">2013/2/6 Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Updated versions attached that also address Brian Campbell’s review comments on Registration. The
versions at <a href="http://openid.bitbucket.org/" target="_blank">http://openid.bitbucket.org/</a> were also updated.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> -- Mike</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Mike Jones
<br>
<b>Sent:</b> Tuesday, February 05, 2013 7:12 PM<br>
<b>To:</b> 'Nat Sakimura'<br>
<b>Cc:</b> <a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a> Group; Justin Richer<br>
<b>Subject:</b> RE: [Openid-specs-ab] Dynamic Client Registration</span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’ve applied the parts of Nat’s discussion draft that implement working group decisions to the current
registration draft. Changes applied are:</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p><span style="font-size:11.0pt;font-family:Symbol;color:#1F497D">·</span><span style="font-size:7.0pt;color:#1F497D">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Tracked wording changes intended to better harmonize with the OAuth registration draft</span><o:p></o:p></p>
<p><span style="font-size:11.0pt;font-family:Symbol;color:#1F497D">·</span><span style="font-size:7.0pt;color:#1F497D">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Corrected version number to -15. (Apparently it had been erroneously incremented twice – once by me, once by Nat)</span><o:p></o:p></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo1">
<span lang="EN" style="font-family:"Verdana","sans-serif"">Fixed #746 - Deleted the
</span><span lang="EN" style="font-family:"Courier New","serif";color:#003366">operation</span><span lang="EN" style="font-family:"Verdana","sans-serif""> parameter.
</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo1">
<span lang="EN" style="font-family:"Verdana","sans-serif"">Fixed #745 - Deleted the
</span><span lang="EN" style="font-family:"Courier New","serif";color:#003366">rotate_secret</span><span lang="EN" style="font-family:"Verdana","sans-serif""> operation.
</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo1">
<span lang="EN" style="font-family:"Verdana","sans-serif"">Changed the Japanese client name to make it sound more natural.
</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo1">
<span lang="EN" style="font-family:"Verdana","sans-serif"">Added optional </span>
<span lang="EN" style="font-family:"Courier New","serif";color:#003366">issued_at</span><span lang="EN" style="font-family:"Verdana","sans-serif""> response value.
</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo1">
<span lang="EN" style="font-family:"Verdana","sans-serif"">Added client update example.</span><o:p></o:p></li></ul>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I did not apply these changes:</span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">So these are the discussion item. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:10.0pt;font-family:Symbol;color:#1F497D">·</span><span style="font-size:7.0pt;color:#1F497D">
</span><span style="font-family:"Verdana","sans-serif"">Moved Terminology section out of Introduction to form an independent section and added several terminology definitions</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">
– This would make the section hierarchy of registration different than all the other Connect specs</span><o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">OK. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Added Client Read Request (GET)</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> – No working group decision to add this operation</span><o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">If the intended behavior of the "update" was in fact "replace", then having this is very useful. <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’m going to quote Tim Bray in his
<a href="https://www.tbray.org/ongoing/When/201x/2013/01/23/OAuth" target="_blank">
recent post about OAuth 2.0</a>: “</span><span lang="EN">The Working Group clearly needed more irritating loud-voiced minimalists stridently chanting
<a href="http://en.wikipedia.org/wiki/You_aren't_gonna_need_it" target="_blank">YAGNI! YAGNI! YAGNI!</a></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">” I think we’re running the same danger here. If we’re going to
have tight, easily implementable specs, I think the bar to add something has to be higher than whether we think something could be useful. The bar needs to be “Is this feature necessary?”. Client read clearly isn’t.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Disagree here. It will make the client implementation easier, and server implementation not any more complex. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
</div>
<div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Added Client Delete Request (DELETE)</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> – No working group decision to add this operation</span> <o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">We should discuss whether we need some sort of deactivation. <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN"><a href="http://en.wikipedia.org/wiki/You_aren't_gonna_need_it" target="_blank">YAGNI! YAGNI! YAGNI!</a> ;-)</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I have no strong preference here but I have gut feeling that it will be cheaper to operate if we have this API. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<div>
<div>
<div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Added "Self URL"</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> – No working group decision to add this functionality</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Added </span><tt><span style="font-size:10.0pt;color:#003366">_links</span></tt><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> – No working group decision to add this
functionality</span><o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">From my read, the working group intent was to have a clearly separated endpoint for the initial registration and subsequent operations. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">While my proposal was achieving that in a backward compatible way<span style="font-size:7.5pt;font-family:"Courier New","serif"">[1]</span>, the current d15 does not have that.
Instead, it is looking at the existence of client_id to switch the behavior. <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Actually, the server is free to switch the behavior based upon the access token used. (In fact,
it probably should.) Requiring the client_id to be present is really a cross-check that the holder of the access token actually has the client_id value too. It’s also a syntactic difference between the two operations, which can be useful if you want to branch
code paths before inspecting the access token.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Explicit code branch is always better than the implicit one unless there is other compelling reasons such as security. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">The code will be simpler, too. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">While this SOA like architecture is OK (and in general, that's how OAuth is), having the ability for the server to indicate the link relations url is one step closer to
<a href="http://en.wikipedia.org/wiki/HATEOAS" target="_blank">HATEOAS </a>(aka REST). In my proposal,
<span style="font-family:"Courier New","serif"">_links.self.href</span> represents the link-relationship defined in
<a href="http://tools.ietf.org/html/rfc5988" target="_blank">RFC5988 </a>and <a href="http://www.iana.org/assignments/link-relations/link-relations.xml" target="_blank">
IANA Link Relations registry</a>. In addition, we probably should define a media-type for the response, such as
<span style="font-family:"Courier New","serif"">application/json+oauth</span>, and define how the JSON should be serialized into URL form encoding (or JSON POST etc.) in the subsequent request. That will create a uniform interface. <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I don’t think that we’ve ever espoused HATEOAS as a Connect goal per-se. Rather, we’ve tried to
stand for the specs being simple, minimal, easy to implement, and easy to deploy. That’s where I’m putting my efforts, anyway.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Clearly, we did. In the earlier drafts, in the abstract, it used to say <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<blockquote style="margin-left:30.0pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal">It allows Clients to verify the<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">identity of the End-User based on the authentication performed by<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">an Authorization Server, as well as to obtain basic profile information
<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">about the End-User in an interoperable and RESTful manner<o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">RESTful means HATEOAS. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">To achieve this, syntactically, we would have three ways: HAL that I used and JSON Schema. If it were JSON Schema, it would have benn <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-family:"Courier New","serif"">links.rel['self'][0].href</span> instead. I found HAL-wya of being <span style="font-family:"Courier New","serif"">_links.self.href</span>
a bit easier on my eyes so I used HAL. <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">This goes against the “simple” and “minimal” goals, at least as I see it. Having “self” links is
pretty esoteric.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">The third way is to use HTTP response header in the form of: <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-family:"Courier New","serif"">Link: <<a href="https://server.example.com/clients/1234" target="_blank">https://server.example.com/clients/1234</a>>; rel="self";</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-family:"Courier New","serif""> title="oauth client registration url"</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Arguably, this is the best way for OAuth, which is currently completely HTTP based. <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Downside is that if we start having other binding (e.g., IMAP, XMPP, etc.), then we have to fall back to HAL or other ways. <o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt">[1] by providing </span><span style="font-size:10.0pt;font-family:"Courier New","serif"">_links.self.href</span><span style="font-size:10.0pt"> as
the registration URL + </span><span style="font-size:10.0pt;font-family:"Courier New","serif"">"?operation=client_update</span><span style="font-size:10.0pt">" </span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Requiring that the registration endpoint host a different client update endpoint for every registered
client is a HUGE change and adds significant complexity without a commensurate benefit. We already have the registration_access_token values (and client_id values) to distinguish the clients. We don’t need a third way too.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Disagree. It does not "require different client update endpoint for every registered client". <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">It does not preclude the server to use the same URL for both registration and update and for all the clients. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Syntactically, it can build a backward compatible API as I have expressed several times in this thread, <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">though it is a bad engineering choice, IMHO. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">It just gives more freedom for the server, and makes it easier to implement. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<div>
<div>
<div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Added Editor's Notes</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> – We should be tracking issues in the issue tracker instead</span><o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Did you create tracker entries? <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I added
<a href="https://bitbucket.org/openid/connect/issue/747/registration-21-should-request-be-form" target="_blank">
https://bitbucket.org/openid/connect/issue/747/registration-21-should-request-be-form</a> for the major one. You might want to go through the other editor’s comments and add issues for those that you think still apply.</span><o:p></o:p></p>
</div>
<div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Cleaned up the indents</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> – Were there were no text changes from the original version, I tried to keep the exact text
from the original to facilitate diff’ing the .xml source. Where there were changes, I tried to keep Nat’s .xml formatting.</span><o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">IMHO, at some point before publishing, we should clean the indent. Perhaps creating a text without any text change but only the indent would be good. <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’m not against doing that right before we go final but while we’re still editing, I’d request that
people refrain from changing the formatting of a paragraph unless you’re actually changing its content. Doing so just makes it a lot harder to tell what’s actually changed. (Actually, my diff tool can be set to ignore spacing, so if you want to change the
indentation of a paragraph, that’s fine with me – just don’t change where the line breaks occur.)</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I believe that most of the indentation inconsistencies are caused by people using text editors that
assume that tab characters indent by 4 spaces. Then when displayed using standard 8-space tab spacing, some of the text is indented too far. It would be better if we used only spaces and no tabs, but I realize that may be possible in some editors and not
others.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I don’t want to do the big reformat until the very end because I expect that unless everyone finds
a way to stop having tab characters inserted, the indentation inconsistencies will continue.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The other inconsistency is that while text formatted like (1) below is easier to read and maintain
than text formatted like (2), some of the tools used (or people doing editing) apparently prefer (2).
</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">(1)</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> <t></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> Text.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </t></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">(2)</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> <t>Text.</t></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">For what it’s worth, whenever I’m changing the majority of a paragraph, I always convert it to style
(1), if necessary, to improve readability.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Also, I intentionally start different sentences on different lines of the .xml, to improve diff-ability
and readability of the source. The “big reformat” would screw that up.</span><o:p></o:p></p>
</div>
<div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I also did not apply a big unlisted change, which had changed the semantics of Client Update from replace-all-fields to update-only-listed-fields – No working group decision
to change this functionality</span><o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Actually, it was not very clear in d14 whether it was a replacement or update. It only had a non-normative (i.e., no MUST, SHOULD, etc.) text saying "<span style="font-family:"Verdana","sans-serif";background:white">Client
Update Requests replace all previous parameters set for a </span><tt><span style="font-size:10.0pt;color:#003366;background:white">client_id</span></tt><span style="font-family:"Verdana","sans-serif";background:white">." Were it to be a normative text, it
had to state something like: </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-family:"Verdana","sans-serif";background:white">Upon the receipt of the request, the server MUST update all the registered parameters set for a </span><span style="font-family:"Courier New","serif";color:#003366;background:white">client_id</span><span style="font-family:"Verdana","sans-serif";background:white"> in
the request with the received value, MUST update all the registered parameters not included in the request but with a server default with the current server default value, and MUST delete any other previously registered parameters. </span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><a href="http://openid.bitbucket.org/openid-connect-registration-1_0.html#ClientUpdateRequest" target="_blank">http://openid.bitbucket.org/openid-connect-registration-1_0.html#ClientUpdateRequest</a>
says: “All Client Metadata values, other than the Client ID and Registration Access Token are replaced by this operation.” I think that this is already pretty clear, but we could add the “MUST delete” language if you think it would make it clearer.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-family:"Verdana","sans-serif";background:white">This means </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-family:"Verdana","sans-serif";background:white">(1) the client has to store all the returned value from the registration request [it is OK but we probably should
state it if so.];</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-family:"Verdana","sans-serif";color:#1F497D;background:white"> </span><o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;background:white">Not true. The client can simply remember what values it used in the initial registration
and apply diffs to those for the changes that it wants. The client actually doesn’t need the returned values at all. (And see the thread “Fields that the server has provisioned on the client's behalf” for a discussion of the ambiguities that trying to use
the returned values could cause.)</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-family:"Verdana","sans-serif";background:white">(2) the update request MUST include all the values in (1), otherwise it may change the values;</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Actually, it likely only needs to include all the values in the initial registration request – not
any of those returned – other than the client_id and using the registration_access_token.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-family:"Verdana","sans-serif";background:white">(3) the update request creates new parameters if the server defaults were added between the registration and update;
</span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Yes, that could occur. This actually argues against trying to pass returned values (other than the
client_id and registration_access_token) back in the update request.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-family:"Verdana","sans-serif";background:white">Now, the question is, is this the intended behavior? </span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">This question makes me think that to clear up this ambiguity, we probably want to say that the returned
values, other than client_id and registration_access_token, are informational and should not be passed back to the registration endpoint in update requests.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-family:"Verdana","sans-serif";background:white">Also, another question is that if the server changed the server default, would this affect the currently registered
values? My read is "no", but just to make sure -- and we should clarify it in any case. </span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Servers may or may not affect currently registered clients, with there being good (usability and
security) arguments for both cases. I don’t think we can dictate this one way or another.</span><o:p></o:p></p>
</div>
<div>
<div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">Justin</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">, it would
be good if you applied the changes made in this version to the OAuth registration draft as well, because there were numerous bug fixes – especially in the examples. (BTW, you can’t put more than 70 characters in an <artwork> line or xml2rfc complains when
producing the .txt version.)</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The .xml, .unpg (unpaginated text), and .html versions are attached.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’ll send a few questions about the current text separately.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> -- Mike</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Nat Sakimura [<a href="mailto:sakimura@gmail.com" target="_blank">mailto:sakimura@gmail.com</a>]
</span><o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b>Sent:</b> Monday, February 04, 2013 2:03 PM<br>
<b>To:</b> Mike Jones<o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b>Cc:</b>
<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a> Group; Justin Richer<o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><br>
<b>Subject:</b> Re: [Openid-specs-ab] Dynamic Client Registration<o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">OK. Now I have uploaded the correct Discussion Draft 17.
<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><br>
HTML: <a href="http://nat.sakimura.org/wp-content/uploads/2013/02/draft-openid-connect-registration-1_0.html" target="_blank">
http://nat.sakimura.org/wp-content/uploads/2013/02/draft-openid-connect-registration-1_0.html</a><br>
diff: <a href="http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0-diff-16-17.txt" target="_blank">
http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0-diff-16-17.txt</a><o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">XML: <a href="http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0.xml" target="_blank">http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0.xml</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">TXT (d16): <a href="http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0-d16.txt" target="_blank">http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0-d16.txt</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">TXT (d17): <a href="http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0-d17.txt" target="_blank">http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0-d17.txt</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><br>
[Changes] <o:p></o:p></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:24.0pt;margin-bottom:5.0pt;margin-left:24.0pt">
<span style="font-family:"Verdana","sans-serif"">-17 discussion version</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Moved Terminology section out of Introduction to form an independent section and added several terminology definitions</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Deleted the </span><tt><span style="font-size:10.0pt;color:#003366">operation</span></tt><span style="font-family:"Verdana","sans-serif""> parameter</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Deleted the </span><tt><span style="font-size:10.0pt;color:#003366">rotate_secret</span></tt><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Added Client Read Request (GET)</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Added Client Delete Request (DELETE)</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Added "Self URL"</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Added </span><tt><span style="font-size:10.0pt;color:#003366">_links</span></tt><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Added Editor's Notes</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Changed the Japanese client name to make it sound more natural</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Added issued_at</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Added client update example (that seems to be missing many parameters that were present in the registration request example)</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:24.0pt;mso-margin-bottom-alt:auto;margin-left:60.0pt">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-family:"Verdana","sans-serif"">Cleand up the indents</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">[Remarks] <o:p></o:p></p>
<div>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
The <tt><span style="font-size:10.0pt;color:#003366">operation</span></tt><span style="font-family:"Verdana","sans-serif""> parameter was removed but since the URL for the registration and other operations are different, there should be no problem in finding
out what action should be taken. </span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
The URL for update etc. (Self URL) are given in _links/self/href. For servers' backward compatibility with the current implementations, it could be set like
<span style="font-family:"Courier New","serif""><a href="https://server.example.com/connect/register?operation=client_update" target="_blank">https://server.example.com/connect/register?operation=client_update</a></span> so that the existing code is likely
not break (if the web application framework is putting GET and POST parameters together into an object) or needs only minor change. Clients needs to read this value and store, so it is a bigger change. <o:p></o:p></li></ul>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Unfortunately, I will be able to join the call only very briefly due to my flight schedule. <o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">--
<br>
Nat Sakimura (=nat)<br>
Chairman, OpenID Foundation<br>
<a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><br>
<br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">--
<br>
Nat Sakimura (=nat)<o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Chairman, OpenID Foundation<br>
<a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <br>
Nat Sakimura (=nat)<o:p></o:p></p>
<div>
<p class="MsoNormal">Chairman, OpenID Foundation<br>
<a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en<o:p></o:p></p>
</div>
</div>
</body>
</html>