>> >> > >> How is a UMA requestor envisioned to discover the auth server? > > On the Host side the user can tell it which AM (in UMA terms it's an > Authorization Manager, some sort of extended AS) to use or it might be > discovered via webfinger or similar means. > > The process for requesters is up to discussion a bit right now. In my > prototype the Host is telling the Requester which AM is registered to > the resource it tries to access. Then client registration can start from > there.
How does the Host tell the requester? I would imagine using host-meta, too. regards, Torsten. > >> I think host-meta based client discovery could be to limited since it >> does not allow (at least in my understanding) to serve different >> clients (or their home web apps) on the same host. What about using >> JRD or XRD? This would allow for a client-URL-related discovery. > > You are right. The question here might be if the LRDD part is being used > or if maybe directly point to the client spec which would save one > redirection. Not sure if we need to add a type field in this case, too > (e.g. if JRD or XRD). I would favour to use only one format (JRD) though. > > > -- Christian > >> What means for authentication a client against its home web app. do >> you envision? >> >> regards, Torsten. >> >> Am 10.08.2010 um 21:31 schrieb Eve Maler <e...@xmlgrrl.com>: >> >>> Folks-- The UMA group has produced the following I-D as input to >>> the OAuth discovery/registration/binding discussion. We wanted to >>> set forth our requirements (knowing that there may be other >>> requirements from the wider community) and propose some solutions >>> that meet them. If further discussion seems to warrant an updating >>> of this draft, we're happy to do that. (If you have interest in >>> getting involved in UMA-specific work, feel free to drop me a >>> note.) >>> >>> Eve >>> >>> http://www.ietf.org/id/draft-oauth-dyn-reg-v1-00.txt >>> >>> Begin forwarded message: >>> >>>> From: IETF I-D Submission Tool <idsubmiss...@ietf.org> Date: 10 >>>> August 2010 12:23:59 PM PDT To: e...@xmlgrrl.com Cc: >>>> c...@comlounge.net, m.p.machu...@ncl.ac.uk Subject: New Version >>>> Notification for draft-oauth-dyn-reg-v1-00 >>>> >>>> >>>> A new version of I-D, draft-oauth-dyn-reg-v1-00.txt has been >>>> successfully submitted by Eve Maler and posted to the IETF >>>> repository. >>>> >>>> Filename: draft-oauth-dyn-reg-v1 Revision: 00 Title: >>>> OAuth Dynamic Client Registration Protocol Creation_date: >>>> 2010-08-10 WG ID: Independent Submission Number_of_pages: >>>> 20 >>>> >>>> Abstract: This specification proposes an OAuth Dynamic Client >>>> Registration protocol. >>>> >>>> >>>> >>>> The IETF Secretariat. >>>> >>>> >>> >>> >>> Eve Maler http://www.xmlgrrl.com/blog >>> http://www.twitter.com/xmlgrrl http://www.linkedin.com/in/evemaler >>> >>> _______________________________________________ OAuth mailing list >>> OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth >> _______________________________________________ OAuth mailing list >> OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth > > > -- > Christian Scholz Homepage: http://comlounge.net > COM.lounge GmbH http://mrtopf.de/blog > Hanbrucher Str. 33 http://twitter.com/mrtopf > 52064 Aachen Skype: HerrTopf > Tel: +49 241 400 730 0 c...@comlounge.net > Fax: +49 241 979 00 850 IRC: MrTopf > > Podcasts: > Der OpenWeb-Podcast (http://openwebpodcast.de) > Data Without Borders (http://datawithoutborders.net) > Politisches: http://politfunk.de/ > Technical: http://comlounge.tv/ > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
