Metadata attribute details

appsdesh · appsdesh · commit 9d454cd4be78 · 2023-09-22T10:51:39.000-07:00
Added more details around the metadata attributes
diff --git a/openid-sharedsignals-framework-1_0.md b/openid-sharedsignals-framework-1_0.md
@@ -140,7 +140,7 @@ normative:
     date: May 2021
     target: https://datatracker.ietf.org/doc/html/draft-ietf-secevent-subject-identifiers
     title: Subject Identifiers for Security Event Tokens
-  PROTECTEDSERVERMETADATA:
+  OPRM:
     author:
     - ins: M.B. Jones
       name: Michael B. Jones
@@ -562,18 +562,29 @@ TODO: consider adding a IANA Registry for metadata, similar to Section 7.1.1 of
 {{RFC8414}}. This would allow other specs to add to the metadata.
 
 ### Authorization scheme {#authorization-scheme}
-Authorization scheme used by the receiver to authorize with the Transmitter's management API for SET event stream. 
+SSF is an HTTP based signals sharing framework. It is agnostic to the authentication and authorization schems used to secure stream configuration APIs. It does not provide any SSF specific authentication and authorization schemes but relies on the cooperating parties mutual security considerations. Authorization scheme section of the metadata, providers disovery informaton related to the transmitter's stream management APIs. 
 
 type
 
-> The authorization scheme.  This specification defines the values "oauth", "oauth2", "oauthbearertoken" REQUIRED.
+> The authorization scheme.  This specification defines the values "oauth",
+  "oauth2", "oauthbearertoken" REQUIRED.
+
+spec_uri  
+
+> An HTTP-addressable URL pointing to the authentication scheme's 
+  specification.  OPTIONAL.
+
+documentation_uri  
+
+> An HTTP-addressable URL pointing to the authentication scheme's usage
+  documentation.  OPTIONAL.
 
 The receiver will call the transmitter APIs by providing appropriate credentials as mentioned in the type.
 
 
 If the Authorization scheme is OAuth2 
-- The Transmitter SHOULD publish Protected Server Metadata {{PROTECTEDSERVERMETADATA}} to aid the discovery of metadata needed to interact with an OAuth 2.0 protected resource.
-- Discovery of the Protected Server Metadata {{PROTECTEDSERVERMETADATA}} is outside the scope of this specification.
+- The Transmitter SHOULD publish Protected Server Metadata {{OPRM}} to aid the discovery of metadata needed to interact with an OAuth 2.0 protected resource.
+- Discovery of the Protected Server Metadata {{OPRM}} is outside the scope of this specification.
 - The receiver may obtain an access token using the Client
 Credential Grant {{CLIENTCRED}}, or any other method suitable for the Receiver and the
 Transmitter.
@@ -678,7 +689,9 @@ Content-Type: application/json
   "authorization_schemes": {
     [
       {
-        "type": "oauth2"
+        "type": "oauth2",
+        "spec_uri": "https://datatracker.ietf.org/doc/html/rfc6749",
+        "documentations_uri": "https://tr.example.com/oauth2-how-to"
       }
     ]
   }
