Subject: FW: [oauth-extensions] OAuth Discovery 1.0 Draft 1
This relies on XRDS quite a bit – Eran reproduces a lot of our text – volunteers here to make sure there are no issues?
firstname.lastname@example.org [mailto:email@example.com] On Behalf Of Eran Hammer-Lahav
I am happy to announce my first draft of the proposed Discovery specification. Somewhere along the road it got really big and somewhat complicated and I am hoping to trim it down a bit during the next few drafts. The goal is to figure out which areas can be made less flexible in exchange for simplicity and easy of development.
Unlike OAuth Core, I do not expect Discovery to be implemented by novice developers. At the same time, it shouldn’t require years of experience to figure out. What I’ve attempted to do was provide the ability to enable full discovery from a Protected Resource URL without knowing anything else about the Service Provider except that it supports OAuth. This is not a small task.
For this draft I would like to get more content feedback and less (really none) editorial. There is little point in editorial feedback so early when the spec is going to change significantly. Please start with the example in the appendix to get a general idea of what the discovery document looks like. There are a bunch of new terms to get used to, and if you never looked at an XRDS document before, maybe take a few minutes to read a quick tutorial.
I think we have two camps here, one with the idea of fully automated discovery, and the other looking for a simple format (maybe HTML) to just list the endpoints and maybe a tiny bit of detail about them. I tried to do both but gave up on the second, especially after the feedback from IIW.
Please note the new spec SVN depot. I copied all the Core 1.0 drafts in there but will keep the old depot specs for now (to maintain blog links). If you need write access let me know.