draft-ietf-oauth-dyn-reg-management-01.txt   draft-ietf-oauth-dyn-reg-management-02.txt 
OAuth Working Group J. Richer OAuth Working Group J. Richer
Internet-Draft The MITRE Corporation Internet-Draft The MITRE Corporation
Intended status: Standards Track M. Jones Intended status: Standards Track M. Jones
Expires: November 23, 2014 Microsoft Expires: January 4, 2015 Microsoft
J. Bradley J. Bradley
Ping Identity Ping Identity
M. Machulak M. Machulak
Newcastle University Newcastle University
P. Hunt P. Hunt
Oracle Corporation Oracle Corporation
May 22, 2014 July 3, 2014
OAuth 2.0 Dynamic Client Registration Management Protocol OAuth 2.0 Dynamic Client Registration Management Protocol
draft-ietf-oauth-dyn-reg-management-01 draft-ietf-oauth-dyn-reg-management-02
Abstract Abstract
This specification defines methods for management of dynamic OAuth This specification defines methods for management of dynamic OAuth
2.0 client registrations. 2.0 client registrations for use cases in which the properties of a
registered client may need to be changed during the lifetime of the
client. Only some authorization servers supporting dynamic client
registration will support these management methods.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 23, 2014. This Internet-Draft will expire on January 4, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 32 skipping to change at page 3, line 32
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT',
'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' in this 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
Unless otherwise noted, all the protocol parameter names and values Unless otherwise noted, all the protocol parameter names and values
are case sensitive. are case sensitive.
1.2. Terminology 1.2. Terminology
This specification uses the terms "access token", "refresh token", This specification uses the terms "access token", "authorization
"authorization code", "authorization grant", "authorization server", code", "authorization endpoint", "authorization grant",
"authorization endpoint", "client", "client identifier", "client "authorization server", "client", "client identifier", "client
secret", "protected resource", "resource owner", "resource server", secret", "grant type", "protected resource", "redirection URI",
"response type", and "token endpoint" defined by OAuth 2.0 [RFC6749] "refresh token", "resource owner", "resource server", "response
and the terms defined by the OAuth 2.0 Client Dynamic Registration type", and "token endpoint" defined by OAuth 2.0 [RFC6749] and the
Protocol [OAuth.Registration]. terms defined by the OAuth 2.0 Client Dynamic Registration Protocol
[OAuth.Registration].
This specification defines the following terms: This specification defines the following terms:
Client Configuration Endpoint Client Configuration Endpoint
OAuth 2.0 endpoint through which registration information for a OAuth 2.0 endpoint through which registration information for a
registered client can be managed. This URL for this endpoint is registered client can be managed. This URL for this endpoint is
returned by the authorization server in the client information returned by the authorization server in the client information
response. response.
Registration Access Token Registration Access Token
skipping to change at page 14, line 30 skipping to change at page 14, line 30
because the client is no longer valid. To prevent accidental because the client is no longer valid. To prevent accidental
disclosure from such an erroneous situation, the authorization server disclosure from such an erroneous situation, the authorization server
MUST treat all such requests as if the registration access token was MUST treat all such requests as if the registration access token was
invalid (by returning an HTTP 401 Unauthorized error, as described). invalid (by returning an HTTP 401 Unauthorized error, as described).
6. Normative References 6. Normative References
[OAuth.Registration] [OAuth.Registration]
Richer, J., Jones, M., Bradley, J., Machulak, M., and P. Richer, J., Jones, M., Bradley, J., Machulak, M., and P.
Hunt, "OAuth 2.0 Dynamic Client Registration Protocol", Hunt, "OAuth 2.0 Dynamic Client Registration Protocol",
draft-ietf-oauth-dyn-reg (work in progress), May 2014. draft-ietf-oauth-dyn-reg (work in progress), July 2014.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
[RFC6749] Hardt, D., "The OAuth 2.0 Authorization Framework", [RFC6749] Hardt, D., "The OAuth 2.0 Authorization Framework",
RFC 6749, October 2012. RFC 6749, October 2012.
skipping to change at page 15, line 21 skipping to change at page 15, line 21
to various versions of this document: Amanda Anganes, Derek Atkins, to various versions of this document: Amanda Anganes, Derek Atkins,
Tim Bray, Domenico Catalano, Donald Coffin, Vladimir Dzhuvinov, Tim Bray, Domenico Catalano, Donald Coffin, Vladimir Dzhuvinov,
George Fletcher, Thomas Hardjono, Phil Hunt, William Kim, Torsten George Fletcher, Thomas Hardjono, Phil Hunt, William Kim, Torsten
Lodderstedt, Eve Maler, Josh Mandel, Nov Matake, Tony Nadalin, Nat Lodderstedt, Eve Maler, Josh Mandel, Nov Matake, Tony Nadalin, Nat
Sakimura, Christian Scholz, and Hannes Tschofenig. Sakimura, Christian Scholz, and Hannes Tschofenig.
Appendix B. Document History Appendix B. Document History
[[ to be removed by the RFC editor before publication as an RFC ]] [[ to be removed by the RFC editor before publication as an RFC ]]
-02
o Added more context information to the abstract.
-01 -01
o Addressed issues that arose from last call comments on o Addressed issues that arose from last call comments on
draft-ietf-oauth-dyn-reg and draft-ietf-oauth-dyn-reg-metadata. draft-ietf-oauth-dyn-reg and draft-ietf-oauth-dyn-reg-metadata.
-00 -00
o Created from draft-jones-oauth-dyn-reg-management-00. o Created from draft-jones-oauth-dyn-reg-management-00.
Authors' Addresses Authors' Addresses
 End of changes. 8 change blocks. 
13 lines changed or deleted 21 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/