Hi Pedro-- In UMA1 (RSR Sec 2.1
https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#re...)
the resource description had a uri parameter that could putatively be used
to populate discovery service entries, either directly in a Webfinger
resource or through indirection. We removed
https://kantarainitiative.org/confluence/display/uma/UMA+Release+Notes#UMARe...
it in UMA2 due to potential security and privacy considerations, but
labeled it an area where people may want to add an extension.
Of course, such a mechanism would be useful if the AS were used as a
*central* discovery service for the RO. The RS itself could make the RO's
resources discoverable any other way it wants to.
*Eve Maler*Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
On Thu, Oct 19, 2017 at 5:59 AM, Pedro Igor Silva
Hello,
Have you ever considered WebFinger [1] to discover resources protected by a resource server ? For instance, that could help clients to obtain from the RS itself the resource identifier and AS in order to obtain a RPT without a permission ticket.
[1] https://tools.ietf.org/html/rfc7033
Regards. Pedro Igor
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma