[WG-UMA] For email and Oct 9 discussion/closure: OAuth vs. UMA endpoint names (issue 84)

Mark Dobrinic mdobrinic at cozmanova.com
Thu Oct 16 03:26:19 CDT 2014


I think aligning with OAuth is a good idea. I have been wondering about
the meaning of "token_endpoint" and "user_endpoint", as they are nowhere
described or referenced throughout the spec.

So changing the wording to "authorization endpoint" is supported by me.
And I also think renaming "user_enpoint" to "authorization_endpoint" in
the AS ConfigData is a good idea that aligns with terminology and will
reference their OAuth meaning better.

Also: I vouch for "rpt_endpoint" to catch the combination of
"rpt_endpoint" and "authorization_request_endpoint", as this relates
more descriptively to the (rpt-related) service from the perspective of
the AS.

That's my take on things...

Cheers!

Mark


On 16/10/14 02:22, Maciej Machulak wrote:
> Hi all,
> 
> As promised during the call, I am commenting on the issue so that we can
> progress with resolving it.
> 
> I am OK with language changes... but I would like to discuss whether
> this will not cause further confusion if we decide to progress with
> authorization_endpoint and authorization_request_endpoint in the spec as
> well as in the configuration data. Maybe the latter endpoint should be
> called rpt_endpoint?
> 
> Cheers, Maciej
> 
> On 7 October 2014 17:15, Eve Maler <eve at xmlgrrl.com
> <mailto:eve at xmlgrrl.com>> wrote:
> 
>     https://github.com/xmlgrrl/UMA-Specifications/issues/84
> 
>     OAuth says (https://tools.ietf.org/html/rfc6749):
> 
>     - token endpoint
>     - authorization endpoint
> 
>     UMA says (http://docs.kantarainitiative.org/uma/draft-uma-core.html):
> 
>     - token endpoint
>     - user authorization endpoint
> 
>     And UMA's config data has properties for
>     (http://docs.kantarainitiative.org/uma/draft-uma-core.html#rfc.section.1.4):
> 
>     - token_endpoint
>     - user_endpoint
> 
>     The OAuth language was in flux and we were a little bit in flux with
>     it in the early days. Now that OAuth is settled, do we want to
>     change anything in either the conceptual language, such as removing
>     the word "user" (which would be fairly non-invasive), or the config
>     data, such as s/user_endpoint/authorization_endpoint (which would be
>     backwards incompatible but perhaps a relatively minor change in the
>     scheme of things)?
> 
>             Eve
> 
>     Eve Maler                                  http://www.xmlgrrl.com/blog
>     +1 425 345 6756 <tel:%2B1%20425%20345%206756>                       
>      http://www.twitter.com/xmlgrrl
> 
>     _______________________________________________
>     WG-UMA mailing list
>     WG-UMA at kantarainitiative.org <mailto:WG-UMA at kantarainitiative.org>
>     http://kantarainitiative.org/mailman/listinfo/wg-uma
> 
> 
> 
> 
> -- 
> Maciej Machulak
> email: maciej.machulak at gmail.com <mailto:maciej.machulak at gmail.com>
> mobile: +44 7999 606 767 (UK)
> mobile: +48 602 45 31 66 (PL)
> 
> 
> _______________________________________________
> WG-UMA mailing list
> WG-UMA at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-uma
> 



More information about the WG-UMA mailing list