I agree that any URI could be used but that it MUST be understood by the AS to be local to the AS (and not something that can be impersonated by an attacker). I wouldn’t even go so far as RECOMMENDED, but it’s certainly an option.
— Justin > On Apr 27, 2020, at 4:41 AM, Filip Skokan <panva...@gmail.com> wrote: > > I believe implementers should be free to devise their own URIs and not be > locked down to one by the spec, at the same time, and RFC6755 subnamespace > would be good for guidance. > > So, I would suggest it be RECOMMENDED to use e.g. > `urn:ietf:params:oauth:request_uri:<random>` (Brian's proposal) but also that > any URN or URL will do if the circumstances call for it. > > Best, > Filip > > > On Sun, 26 Apr 2020 at 17:20, Torsten Lodderstedt > <torsten=40lodderstedt....@dmarc.ietf.org > <mailto:40lodderstedt....@dmarc.ietf.org>> wrote: > Hi all, > > another topic from last week’s virtual meeting. > > Shall there be guidance on the request URI structure? > > Please state your opinion. > > thanks in advance, > Torsten. > _______________________________________________ > OAuth mailing list > OAuth@ietf.org <mailto:OAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/oauth > <https://www.ietf.org/mailman/listinfo/oauth> > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
