Discovery - Monitor IETF discovery spec decisions
Issue #576
resolved
Monitor IETF discussions on SWD and WebFinger.
Our requirements include JSON support and being able to discover information with a single GET unless there is a redirect.
Comments (6)
-
Account Deleted
-
There is a trust issue in letting users configure the paramaters of the Oauth server.
The other issue is that XRD documents are about there subject, the openid server configuration is represented as a link relationship following the spec. Embedding the information while possible creates maintenence and symantic issues. If we use web-finger we should use it propperly.
John B.
-
reporter
-
assigned issue to
Michael Jones
- changed status to open
-
assigned issue to
-
reporter
- changed milestone to Final
It looks like we will be able to switch to WebFinger after the implementer's drafts.
-
reporter
- changed status to on hold
-
reporter
- changed status to resolved
We are now using WebFinger. The "monitoring" part is a duplicate of
#47. - Log in to comment
I wish to clarify one of these requirements: OpenID Connect's discovery is a two-step process to get a complete set of information. Once for the SWD to get the issuer (which is a one-step fetch barring redirects), and once for the openid-configuration document after you get the issuer. While the latter is optional, it's necessary in the common distributed case where the information about the issuer's endpoints is not preconfigured. While this step is outside the scope of SWD proper, I believe it's important to look at SWD in its wider application context as well. To wit, if Webfinger/XRD takes two steps but I get all of the service provider endpoints in those two steps, I consider it as simple as SWD for this use case.