Protocol Action: 'OAuth 2.0 Authorization Server Metadata' to Proposed Standard (draft-ietf-oauth-discovery-10.txt)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The IESG has approved the following document:
- 'OAuth 2.0 Authorization Server Metadata'
  (draft-ietf-oauth-discovery-10.txt) as Proposed Standard

This document is the product of the Web Authorization Protocol Working Group.

The IESG contact persons are Kathleen Moriarty and Eric Rescorla.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/





Technical Summary

This specification defines a metadata format that an OAuth 2.0 client
can use to obtain the information needed to interact with an OAuth
2.0 authorization server, including its endpoint locations and
authorization server capabilities.

Working Group Summary

Work on a discovery mechanism for OAuth was planned since a long 
time but it took till late 2015 before a document was submitted 
to the group, which re-used work done in the OpenID Foundation.
When the WGLC was started in 2016, see 
https://www.ietf.org/mail-archive/web/oauth/current/msg15796.html, 
feedback resulted in refocusing the scope of the specification, 
removing everything except for the authorization server metadata. 

Now, almost a year later these concerns have been resolved and
the document is ready for publication. 

Document Quality

The document scope has been changed to capture current deployment 
practice. 

There are 34 authorization server and 9 OAuth client implementations
listed at http://openid.net/certification/ that implement metadata 
compatible with the AS metadata specification.
(See the "Config OP" and "Config RP" columns.)

Microsoft and Google are using this specification in deployment. 

Personnel

Hannes Tschofenig is the document shepherd and the responsible area 
director is Eric Rescorla.




[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux