[Openid-specs-fastfed] FW: OAuth Metadata Specifications Enhanced

Hardt, Dick dick at amazon.com
Wed Aug 3 21:35:42 UTC 2016


Agreed.

On 8/3/16, 2:06 PM, someone claiming to be "Openid-specs-fastfed on behalf of openid-specs-fastfed at lists.openid.net" <openid-specs-fastfed-bounces at lists.openid.net on behalf of openid-specs-fastfed at lists.openid.net> wrote:

I suspect that fastfed will want to take advantage of signed metadata as well.

                                                       -- Mike

From: Mike Jones
Sent: Wednesday, August 3, 2016 2:05 PM
To: openid-specs-ab at lists.openid.net; Roland Hedberg <roland at catalogix.se>
Subject: FW: OAuth Metadata Specifications Enhanced

These OAuth 2.0 metadata updates contain features in part motivated by the OpenID Connect Federation spec – in particular, signed metadata.

                                                       -- Mike

From: Mike Jones
Sent: Wednesday, August 3, 2016 1:57 PM
To: oauth at ietf.org
Subject: OAuth Metadata Specifications Enhanced

The existing OAuth 2.0 Authorization Server Metadata<https://tools.ietf.org/html/draft-ietf-oauth-discovery> specification has now been joined by a related OAuth 2.0 Protected Resource Metadata<https://tools.ietf.org/html/draft-jones-oauth-resource-metadata> specification.  This means that JSON metadata formats are now defined for all the OAuth 2.0 parties: clients, authorization servers, and protected resources.

The most significant addition to the OAuth 2.0 Authorization Server Metadata specification is enabling signed metadata, represented as claims in a JSON Web Token (JWT).  This is analogous to the role that the Software Statement plays in OAuth Dynamic Client Registration.  Signed metadata can also be used for protected resource metadata.

For use cases in which the set of protected resources used with an authorization server is enumerable, the authorization server metadata specification now defines the “protected_resources” metadata value to list them.  Likewise, the protected resource metadata specification defines an “authorization_servers” metadata value to list the authorization servers that can be used with a protected resource, for use cases in which those are enumerable.

The specifications are available at:

· http://tools.ietf.org/html/draft-ietf-oauth-discovery-04
· http://tools.ietf.org/html/draft-jones-oauth-resource-metadata-00

HTML-formatted versions are also available at:

· http://self-issued.info/docs/draft-ietf-oauth-discovery-04.html
· http://self-issued.info/docs/draft-jones-oauth-resource-metadata-00.html

                                                       -- Mike

P.S.  This notice was also posted at http://self-issued.info/?p=1591 and as @selfissued<https://twitter.com/selfissued>.
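
The cross-listing described in the announcement above ("protected_resources" on the authorization server side, "authorization_servers" on the protected resource side) lets a client check that both parties name each other before it trusts the pairing. The following is an added example, not part of the original e-mail or of the specifications; the identifier members "issuer" and "resource" and the sample documents are assumptions constructed for illustration.

```python
# Added example: cross-check authorization server (AS) metadata against
# protected resource (RS) metadata. Assumption: the AS identifies itself in
# "issuer" and the RS in "resource". Sample documents are constructed.

AS_META = {"issuer": "https://as.example.com",
           "protected_resources": ["https://api.example.com"]}
RS_META = {"resource": "https://api.example.com",
           "authorization_servers": ["https://as.example.com"]}


def _listed(doc, member, identifier):
    """True/False when `member` is present; None when it is absent,
    i.e. the publisher does not enumerate its peers."""
    values = doc.get(member)
    if values is None:
        return None
    if not isinstance(values, list) or not all(isinstance(v, str) for v in values):
        raise ValueError(f"{member!r} must be a JSON array of strings")
    # Exact string comparison: a differing trailing slash, scheme or host
    # case is treated as a different party (conservative choice).
    return identifier in values


def check_mutual_listing(as_meta, rs_meta):
    """Return (status, findings); status is 'match', 'mismatch' or
    'unverifiable' (neither side enumerates its peers)."""
    issuer, resource = as_meta.get("issuer"), rs_meta.get("resource")
    if not isinstance(issuer, str) or not isinstance(resource, str):
        raise ValueError("both documents need a string identifier")

    as_lists_rs = _listed(as_meta, "protected_resources", resource)
    rs_lists_as = _listed(rs_meta, "authorization_servers", issuer)

    findings = []
    if as_lists_rs is False:
        findings.append(f"{issuer} does not list {resource}")
    if rs_lists_as is False:
        findings.append(f"{resource} does not list {issuer}")
    if findings:
        return "mismatch", findings
    if as_lists_rs is None and rs_lists_as is None:
        return "unverifiable", ["neither document enumerates its peers"]
    return "match", []


if __name__ == "__main__":
    print(check_mutual_listing(AS_META, RS_META))
```

The check is only as trustworthy as the metadata it reads, which is where the signed metadata mentioned in the announcement comes in.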