-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
incorporated second round of RFC editor edits
- Loading branch information
Showing
2 changed files
with
38 additions
and
74 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -708,11 +708,11 @@ IjoI3zTJ0Y2oe0_EJAiXbL6OyF9S5tKxDXV8JIndSA | |
| <t/> | ||
|
|
||
| <t>The software statement is typically distributed with all instances | ||
| of a client application.The means by which a client or developer | ||
| of a client application. The means by which a client or developer | ||
| obtains a software statement are outside the scope of this | ||
| specification. Some common methods could include a client developer | ||
| generating a client-specific JWT by registering with a software | ||
| API publisher to obtain a software statement for a class of clients. </t> | ||
| API publisher to obtain a software statement for a class of clients.</t> | ||
|
|
||
| <t>The criteria by which authorization servers determine whether to | ||
| trust and utilize the information in a software statement are outside | ||
|
|
@@ -827,9 +827,9 @@ IjoI3zTJ0Y2oe0_EJAiXbL6OyF9S5tKxDXV8JIndSA | |
| "client_name": "My Example Client", | ||
| "client_name#ja-Jpan-JP": | ||
| "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D", | ||
| "token_endpoint_auth_method":"client_secret_basic", | ||
| "token_endpoint_auth_method": "client_secret_basic", | ||
| "policy_uri": "https://client.example.org/policy.html", | ||
| "jwks":{"keys": [{ | ||
| "jwks": {"keys": [{ | ||
| "e": "AQAB", | ||
| "n": "nj3YJwsLUFl9BmpAbkOswCNVx17Eh9wMO-_AReZwBqfaWFcfG | ||
| HrZXsIV2VMCNVNU8Tpb4obUaSXcRcQ-VMsfQPJm9IzgtRdAY8NN8Xb7PEcYyk | ||
|
|
@@ -1102,10 +1102,6 @@ IjoI3zTJ0Y2oe0_EJAiXbL6OyF9S5tKxDXV8JIndSA", | |
| </section> | ||
| </section> | ||
|
|
||
| <!--[rfced] We recall that M. Jones had a preference for using Designated | ||
| Experts (plural) in previous documents in this cluster. We have updated | ||
| the IANA section accordingly: please let us know any objections. | ||
| --> | ||
|
|
||
| <section anchor="IANA" title="IANA Considerations"> | ||
| <section anchor="MetadataRegistry" | ||
|
|
@@ -1132,36 +1128,6 @@ the IANA section accordingly: please let us know any objections. | |
| and, if applicable, suggestions as to how to make the request | ||
| successful.</t> | ||
|
|
||
| <!--[rfced] We note that the text in the OAuth Dynamic Client Registration | ||
| Metadata Registry section (and the OAuth Token Endpoint Authentication | ||
| Methods Registry section) is very similar to the text in the IANA | ||
| Considerations section of RFC 7518. However, the following text appears | ||
| in RFC 7518 and not in this document. Please consider if similar text | ||
| would be beneficial to the reader. | ||
| From RFC 7518: | ||
| Registration requests that are undetermined for a period longer than | ||
| 21 days can be brought to the IESG's attention (using the | ||
| [email protected] mailing list) for resolution. | ||
| Criteria that should be applied by the Designated Experts include | ||
| determining whether the proposed registration duplicates existing | ||
| functionality, whether it is likely to be of general applicability or | ||
| useful only for a single application, and whether the registration | ||
| description is clear. | ||
| ... | ||
| It is suggested that multiple Designated Experts be appointed who are | ||
| able to represent the perspectives of different applications using | ||
| this specification, in order to enable broadly informed review of | ||
| registration decisions. In cases where a registration decision could | ||
| be perceived as creating a conflict of interest for a particular | ||
| Expert, that Expert should defer to the judgment of the other | ||
| Experts. | ||
| --> | ||
|
|
||
| <t>IANA must only accept registry updates from the Designated | ||
| Experts and should direct all requests for registration to the | ||
| review mailing list.</t> | ||
|
|
@@ -1443,8 +1409,12 @@ to match the minor changes made in the descriptions below. | |
|
|
||
| <section anchor="TEAMTemplate" title="Registration Template"> | ||
| <t><list style="hanging"> | ||
|
|
||
| <!--[rfced] Note that the update from "Authorization" to "Authentication" throughout Sections 4.2.1 and 4.2.2 will be communicated to IANA prior to publication. | ||
| --> | ||
| <t | ||
| hangText="Token Endpoint Authorization Method Name:"><vspace/> | ||
| hangText="Token Endpoint Authentication Method Name:"><vspace/> | ||
| The name requested (e.g., "example"). This name is case | ||
| sensitive. Names that match other registered names in a case-insensitive manner SHOULD NOT be accepted.</t> | ||
|
|
||
|
|
@@ -1466,7 +1436,7 @@ to match the minor changes made in the descriptions below. | |
| Methods Registry are:</t> | ||
|
|
||
| <t><?rfc subcompact="yes"?> <list style="symbols"> | ||
| <t>Token Endpoint Authorization Method Name: <spanx | ||
| <t>Token Endpoint Authentication Method Name: <spanx | ||
| style="verb">none</spanx></t> | ||
|
|
||
| <t>Change Controller: IESG</t> | ||
|
|
@@ -1475,7 +1445,7 @@ to match the minor changes made in the descriptions below. | |
| </list></t> | ||
|
|
||
| <t><list style="symbols"> | ||
| <t>Token Endpoint Authorization Method Name: <spanx | ||
| <t>Token Endpoint Authentication Method Name: <spanx | ||
| style="verb">client_secret_post</spanx></t> | ||
|
|
||
| <t>Change Controller: IESG</t> | ||
|
|
@@ -1484,7 +1454,7 @@ to match the minor changes made in the descriptions below. | |
| </list></t> | ||
|
|
||
| <t><list style="symbols"> | ||
| <t>Token Endpoint Authorization Method Name: <spanx | ||
| <t>Token Endpoint Authentication Method Name: <spanx | ||
| style="verb">client_secret_basic</spanx></t> | ||
|
|
||
| <t>Change Controller: IESG</t> | ||
|
|
@@ -1504,7 +1474,7 @@ to match the minor changes made in the descriptions below. | |
| transport-layer security mechanism when sending requests to the | ||
| registration endpoint. The server MUST support TLS 1.2 <xref | ||
| target="RFC5246"></xref> and MAY support additional | ||
| transport-layer mechanisms meeting its security requirements. When using | ||
| transport-layer security mechanisms meeting its security requirements. When using | ||
| TLS, the client MUST perform a TLS/SSL server certificate check, per | ||
| <xref target="RFC6125">RFC 6125</xref>. Implementation security | ||
| considerations can be found in <xref target="BCP195">Recommendations | ||
|
|
@@ -1569,7 +1539,7 @@ NEW: | |
| to the browser alongside the code.</t> | ||
|
|
||
| <t>Since different OAuth 2.0 grant types have different security and | ||
| usage aspects, an authorization server MAY require separate | ||
| usage properties, an authorization server MAY require separate | ||
| registrations for a piece of software to support multiple grant types. | ||
| For instance, an authorization server might require that all clients | ||
| using the <spanx style="verb">authorization_code</spanx> grant type make | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters