[Openid-specs-fastfed] FW: OAuth Metadata Specifications Enhanced
Phil Hunt
phil.hunt at oracle.com
Wed Aug 3 21:52:35 UTC 2016
+1
Phil
@independentid
www.independentid.com <http://www.independentid.com/>phil.hunt at oracle.com <mailto:phil.hunt at oracle.com>
> On Aug 3, 2016, at 2:35 PM, Hardt, Dick via Openid-specs-fastfed <openid-specs-fastfed at lists.openid.net> wrote:
>
> Agreed.
>
> On 8/3/16, 2:06 PM, someone claiming to be "Openid-specs-fastfed on behalf of openid-specs-fastfed at lists.openid.net <mailto:openid-specs-fastfed at lists.openid.net>" <openid-specs-fastfed-bounces at lists.openid.net <mailto:openid-specs-fastfed-bounces at lists.openid.net> on behalf of openid-specs-fastfed at lists.openid.net <mailto:openid-specs-fastfed at lists.openid.net>> wrote:
>
> I suspect that fastfed will want to take advantage of signed metadata as well.
>
> -- Mike
> <>
> From: Mike Jones
> Sent: Wednesday, August 3, 2016 2:05 PM
> To: openid-specs-ab at lists.openid.net <mailto:openid-specs-ab at lists.openid.net>; Roland Hedberg <roland at catalogix.se <mailto:roland at catalogix.se>>
> Subject: FW: OAuth Metadata Specifications Enhanced
>
> These OAuth 2.0 metadata updates contain features in part motivated by the OpenID Connect Federation spec – in particular, signed metadata.
>
> -- Mike
>
> From: Mike Jones
> Sent: Wednesday, August 3, 2016 1:57 PM
> To: oauth at ietf.org <mailto:oauth at ietf.org>
> Subject: OAuth Metadata Specifications Enhanced
>
> The existing OAuth 2.0 Authorization Server Metadata <https://tools.ietf.org/html/draft-ietf-oauth-discovery> specification has now been joined by a related OAuth 2.0 Protected Resource Metadata <https://tools.ietf.org/html/draft-jones-oauth-resource-metadata> specification. This means that JSON metadata formats are now defined for all the OAuth 2.0 parties: clients, authorization servers, and protected resources.
>
> The most significant addition to the OAuth 2.0 Authorization Server Metadata specification is enabling signed metadata, represented as claims in a JSON Web Token (JWT). This is analogous to the role that the Software Statement plays in OAuth Dynamic Client Registration. Signed metadata can also be used for protected resource metadata.
>
> For use cases in which the set of protected resources used with an authorization server are enumerable, the authorization server metadata specification now defines the “protected_resources” metadata value to list them. Likewise, the protected resource metadata specification defines an “authorization_servers” metadata value to list the authorization servers that can be used with a protected resource, for use cases in which those are enumerable.
>
> The specifications are available at:
> · http://tools.ietf.org/html/draft-ietf-oauth-discovery-04 <http://tools.ietf.org/html/draft-ietf-oauth-discovery-04>
> · http://tools.ietf.org/html/draft-jones-oauth-resource-metadata-00 <http://tools.ietf.org/html/draft-jones-oauth-resource-metadata-00>
>
> HTML-formatted versions are also available at:
> · http://self-issued.info/docs/draft-ietf-oauth-discovery-04.html <http://self-issued.info/docs/draft-ietf-oauth-discovery-04.html>
> · http://self-issued.info/docs/draft-jones-oauth-resource-metadata-00.html <http://self-issued.info/docs/draft-jones-oauth-resource-metadata-00.html>
>
> -- Mike
>
> P.S. This notice was also posted at http://self-issued.info/?p=1591 <http://self-issued.info/?p=1591> and as @selfissued <https://twitter.com/selfissued>.
> _______________________________________________
> Openid-specs-fastfed mailing list
> Openid-specs-fastfed at lists.openid.net <mailto:Openid-specs-fastfed at lists.openid.net>
> http://lists.osuosl.org/mailman/listinfo/openid-specs-fastfed <http://lists.osuosl.org/mailman/listinfo/openid-specs-fastfed>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fastfed/attachments/20160803/969ed25f/attachment-0001.html>
More information about the Openid-specs-fastfed
mailing list