7. IANA Considerations (IANA 考虑)
以下注册程序用于本规范建立的注册表.
值基于规范要求 (Specification Required) [RFC8126] 进行注册,在 [email protected] 邮件列表上进行为期两周的审查期,并根据一名或多名指定专家 (Designated Experts) 的建议进行. 但是,为了允许在发布之前分配值,一旦指定专家确信将发布此类规范,他们就可以批准注册.
发送到邮件列表以供审查的注册请求应使用适当的主题(例如,"Request to register OAuth Authorization Server Metadata: example").
在审查期内,指定专家将批准或拒绝注册请求,并将此决定传达给审查列表和 IANA. 拒绝应包括解释,如果适用,还应包括有关如何使请求成功的建议. 超过 21 天未确定的注册请求可以提请 IESG 注意(使用 [email protected] 邮件列表)以进行解决.
指定专家应应用的标准包括确定提议的注册是否重复现有功能,确定它是否可能具有一般适用性还是仅对单个应用程序有用,以及注册是否有意义.
IANA 必须仅接受来自指定专家的注册表更新,并应将所有注册请求定向到审查邮件列表.
建议任命多名能够代表使用本规范的不同应用程序观点的指定专家,以便能够对注册决策进行广泛知情的审查. 在注册决策可能被视为为特定指定专家创建利益冲突的情况下,该指定专家应服从其他指定专家的判断.
7.1. OAuth Authorization Server Metadata Registry (OAuth 授权服务器元数据注册表)
本规范为 OAuth 2.0 授权服务器元数据名称建立了 IANA "OAuth Authorization Server Metadata" 注册表. 该注册表记录授权服务器元数据成员及其定义规范的引用.
指定专家必须:
(a) 要求正在注册的元数据名称和值仅使用可打印的 ASCII 字符,不包括双引号 ('"') 和反斜杠 ('\')(具有代码点 U+0021、U+0023 到 U+005B 和 U+005D 到 U+007E 的 Unicode 字符),或
(b) 如果定义了使用其他代码点的新元数据成员或值,则要求它们的定义指定用于表示它们的 Unicode 代码点的精确序列. 此外,禁止 (MUST NOT) 接受使用只能在 JSON 字符串中表示为转义字符的 Unicode 代码点的提议注册.
7.1.1. Registration Template (注册模板)
Metadata Name (元数据名称):
- 请求的名称(例如,"issuer"). 此名称区分大小写. 名称不得以不区分大小写的方式匹配其他已注册的名称(如果对两个字符串都应用 Unicode toLowerCase() 操作将导致匹配的方式),除非指定专家声明有令人信服的理由允许例外.
Metadata Description (元数据描述):
- 元数据的简要描述(例如,"Issuer identifier URL").
Change Controller (变更控制者):
- 对于标准跟踪 RFC,列出 "IESG". 对于其他情况,给出负责方的名称. 还可以包括其他详细信息(例如,邮政地址、电子邮件地址、主页 URI).
Specification Document(s) (规范文档):
- 对指定参数的文档的引用,最好包括可用于检索文档副本的 URI. 还可以包括相关章节的说明,但不是必需的.
7.1.2. Initial Registry Contents (初始注册表内容)
-
Metadata Name: issuer
-
Metadata Description: Authorization server's issuer identifier URL
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: authorization_endpoint
-
Metadata Description: URL of the authorization server's authorization endpoint
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: token_endpoint
-
Metadata Description: URL of the authorization server's token endpoint
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: jwks_uri
-
Metadata Description: URL of the authorization server's JWK Set document
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: registration_endpoint
-
Metadata Description: URL of the authorization server's OAuth 2.0 Dynamic Client Registration Endpoint
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: scopes_supported
-
Metadata Description: JSON array containing a list of the OAuth 2.0 "scope" values that this authorization server supports
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: response_types_supported
-
Metadata Description: JSON array containing a list of the OAuth 2.0 "response_type" values that this authorization server supports
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: response_modes_supported
-
Metadata Description: JSON array containing a list of the OAuth 2.0 "response_mode" values that this authorization server supports
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: grant_types_supported
-
Metadata Description: JSON array containing a list of the OAuth 2.0 grant type values that this authorization server supports
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: token_endpoint_auth_methods_supported
-
Metadata Description: JSON array containing a list of client authentication methods supported by this token endpoint
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: token_endpoint_auth_signing_alg_values_supported
-
Metadata Description: JSON array containing a list of the JWS signing algorithms supported by the token endpoint for the signature on the JWT used to authenticate the client at the token endpoint
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: service_documentation
-
Metadata Description: URL of a page containing human-readable information that developers might want or need to know when using the authorization server
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: ui_locales_supported
-
Metadata Description: Languages and scripts supported for the user interface, represented as a JSON array of language tag values from BCP 47
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: op_policy_uri
-
Metadata Description: URL that the authorization server provides to the person registering the client to read about the authorization server's requirements on how the client can use the data provided by the authorization server
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: op_tos_uri
-
Metadata Description: URL that the authorization server provides to the person registering the client to read about the authorization server's terms of service
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: revocation_endpoint
-
Metadata Description: URL of the authorization server's OAuth 2.0 revocation endpoint
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: revocation_endpoint_auth_methods_supported
-
Metadata Description: JSON array containing a list of client authentication methods supported by this revocation endpoint
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: revocation_endpoint_auth_signing_alg_values_supported
-
Metadata Description: JSON array containing a list of the JWS signing algorithms supported by the revocation endpoint for the signature on the JWT used to authenticate the client at the revocation endpoint
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: introspection_endpoint
-
Metadata Description: URL of the authorization server's OAuth 2.0 introspection endpoint
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: introspection_endpoint_auth_methods_supported
-
Metadata Description: JSON array containing a list of client authentication methods supported by this introspection endpoint
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: introspection_endpoint_auth_signing_alg_values_supported
-
Metadata Description: JSON array containing a list of the JWS signing algorithms supported by the introspection endpoint for the signature on the JWT used to authenticate the client at the introspection endpoint
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: code_challenge_methods_supported
-
Metadata Description: PKCE code challenge methods supported by this authorization server
-
Change Controller: IESG
-
Specification Document(s): Section 2 of RFC 8414
-
Metadata Name: signed_metadata
-
Metadata Description: Signed JWT containing metadata values about the authorization server as claims
-
Change Controller: IESG
-
Specification Document(s): Section 2.1 of RFC 8414
7.2. Updated Registration Instructions (更新的注册说明)
本规范向以下 IANA 注册表的指定专家说明添加了内容,这两个注册表都在 "OAuth Parameters" 注册表 [IANA.OAuth.Parameters] 中:
- OAuth Access Token Types (OAuth 访问令牌类型)
- OAuth Token Endpoint Authentication Methods (OAuth 令牌端点认证方法)
IANA 已在这些注册表的参考部分添加了指向本规范的链接.
对于这些注册表,指定专家必须拒绝在一个注册表中对另一个注册表中已存在的值的注册请求. 这是必要的,因为 "introspection_endpoint_auth_methods_supported" 参数允许使用来自任一注册表的值. 这样,因为两个注册表中的值将继续是互斥的,因此不会产生歧义.
7.3. Well-Known URI Registry (众所周知的 URI 注册表)
本规范在 RFC 5785 [RFC5785] 建立的 IANA "Well-Known URIs" 注册表 [IANA.well-known] 中注册了第 3 节中定义的众所周知的 URI.
7.3.1. Registry Contents (注册表内容)
- URI suffix: oauth-authorization-server
- Change controller: IESG
- Specification document: Section 3 of RFC 8414
- Related information: (none)