attachment

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
Hi Mike,
<div><br>
</div>
<div>Thanks for the update to your draft.</div>
<div><br>
</div>
<div>After the call, I was reading RFC 9728 and in this section there is a sequence diagram that seems to indicate that it is the resource server itself, not the authorization server, that is providing the resource metadata. If the "resource server" is the
 server providing the resource the client is trying to access, in the IPP case that is the IPP Printer or System (or Job or Document), so it would be the Printer hosting the Protected Resource Metadata, not some other server / host? I'm guessing this is a generic
 HTTP / OAuth mechanism for providing what IPP can also provide using "oauth-authorization-scopes" and "oauth-authorization-server-uri"?
<div class="Apple-Mail-URLShareUserContentTopClass"><br>
</div>
<div class="Apple-Mail-URLShareWrapperClass" style="position: relative !important;">
<blockquote type="cite" style="border-left-style: none; color: inherit; padding: inherit; margin: inherit;">
<a href="https://www.rfc-editor.org/rfc/rfc9728.html#name-use-of-www-authenticate-for">https://www.rfc-editor.org/rfc/rfc9728.html#name-use-of-www-authenticate-for</a><br>
</blockquote>
</div>
<div><br>
</div>
Or am I reading this incorrectly?</div>
<div><br class="Apple-interchange-newline">
<div>Smith<br>
<br>
/**<br>
    Smith Kennedy<br>
    HP Inc.<br>
*/ </div>
<div><br>
<blockquote type="cite">
<div>On Jun 4, 2025, at 9:43 AM, Michael Sweet via ipp <ipp@pwg.org> wrote:</div>
<br class="Apple-interchange-newline">
<div>
<div>CAUTION: External Email<br>
<br>
All,<br>
<br>
I have posted yet another stable/LCRC draft of the IPP OAuth Extensions v1.0 (OAUTH) to:<br>
<br>
   https://ftp.pwg.org/pub/pwg/ipp/wd/wd-ippoauth10-20250603.docx<br>
   https://ftp.pwg.org/pub/pwg/ipp/wd/wd-ippoauth10-20250603.pdf<br>
   https://ftp.pwg.org/pub/pwg/ipp/wd/wd-ippoauth10-20250603-rev.pdf<br>
<br>
This draft clarifies usage of metadata for choosing extensions like PKCE and OpenID nonce, and adds implementation guidance WRT (auto/manual) client (pre)registration.<br>
<br>
________________________<br>
Michael Sweet<br>
<br>
_______________________________________________<br>
ipp mailing list<br>
ipp@pwg.org<br>
https://www.pwg.org/mailman/listinfo/ipp<br>
<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</body>
</html>

Comments are owned by the poster. All other material is Copyright © 2001-2025 The Printer Working Group. All rights reserved. IPP Everywhere, the IPP Everywhere logo, and the PWG logo are trademarks of the IEEE-ISTO.
About the PWG · Privacy Policy · PWG Webmaster