Discovery - Monitor IETF discovery spec decisions

Issue #576 resolved
Michael Jones
created an issue

Monitor IETF discussions on SWD and WebFinger.

Our requirements include JSON support and being able to discover information with a single GET unless there is a redirect.

Comments (6)

  1. Justin Richer

    I wish to clarify one of these requirements: OpenID Connect's discovery is a two-step process to get a complete set of information. Once for the SWD to get the issuer (which is a one-step fetch barring redirects), and once for the openid-configuration document after you get the issuer. While the latter is optional, it's necessary in the common distributed case where the information about the issuer's endpoints is not preconfigured. While this step is outside the scope of SWD proper, I believe it's important to look at SWD in its wider application context as well. To wit, if Webfinger/XRD takes two steps but I get all of the service provider endpoints in those two steps, I consider it as simple as SWD for this use case.

  2. John Bradley

    There is a trust issue in letting users configure the parameters of the OAuth server.

    The other issue is that XRD documents are about their subject; the openid server configuration is represented as a link relationship following the spec. Embedding the information, while possible, creates maintenance and semantic issues. If we use WebFinger we should use it properly.

    John B.
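The two-step discovery described in the comments above, sketched as an added example that is not part of the original thread or of any OpenID code: step one takes only the issuer from the per-user document, and step two accepts the configuration document only when it is bound to that issuer. It assumes the WebFinger JRD link relation and the `/.well-known/openid-configuration` location from OpenID Connect Discovery 1.0; the function names, hostnames and documents are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Link relation and well-known path as defined by OpenID Connect Discovery 1.0.
ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"
WELL_KNOWN = "/.well-known/openid-configuration"

def issuer_from_jrd(jrd_text):
    """Step 1: take only the issuer from the per-user discovery document."""
    links = json.loads(jrd_text).get("links", [])
    hrefs = [l.get("href") for l in links if l.get("rel") == ISSUER_REL]
    if len(hrefs) != 1 or not isinstance(hrefs[0], str):
        raise ValueError("expected exactly one issuer link")
    parts = urlsplit(hrefs[0])
    if parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
        raise ValueError("issuer must be an https URL without query or fragment")
    return hrefs[0]

def config_url(issuer):
    """Step 2 location: the configuration is fetched from the issuer itself."""
    return issuer.rstrip("/") + WELL_KNOWN

def validate_config(issuer, config_text):
    """Accept the provider configuration only if it names the same issuer."""
    config = json.loads(config_text)
    if config.get("issuer") != issuer:
        raise ValueError("issuer mismatch")
    for key in ("authorization_endpoint", "jwks_uri"):
        value = config.get(key)
        if not isinstance(value, str) or urlsplit(value).scheme != "https":
            raise ValueError(key + " missing or not https")
    return config

def is_rejected(check, *args):
    """Return True when the given check raises ValueError for these inputs."""
    try:
        check(*args)
    except ValueError:
        return True
    return False

# Constructed sample documents (no network access needed).
SAMPLE_JRD = json.dumps({"subject": "acct:alice@example.com", "links": [
    {"rel": ISSUER_REL, "href": "https://idp.example.com"}]})
GOOD_CONFIG = json.dumps({"issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "jwks_uri": "https://idp.example.com/jwks.json"})
# Same endpoints, but the document claims a different issuer.
SPOOFED_CONFIG = GOOD_CONFIG.replace('"https://idp.example.com"', '"https://other.example.net"')
```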
