OAuth Authorization Server Metadata decoupled from OAuth Protected Resource Metadata

OAuth logoThe IETF OAuth working group decided at IETF 97 to proceed with standardizing the OAuth Authorization Server Metadata specification, which is already in widespread use, and to stop work on the OAuth Protected Resource Metadata specification, which is more speculative. Accordingly, a new version of the AS Metadata spec has been published that removes its dependencies upon the Resource Metadata spec. In particular, the “protected_resources” AS Metadata element has been removed. Its definition has been moved to the Resource Metadata spec for archival purposes. Note that the Resource Metadata specification authors intend to let it expire unless the working group decides to resume work on it at some point in the future. The specifications are available at: HTML-formatted versions are also available at:


Letters from the Land of the Protons #2

A consequence of the time I spend in the world of electrons - motionless, more or less, except for my fingers and my eyes - is that protons tend to congregate around my waist.  I try to fight this with exercise, but it's clear that I've got to cut down on the supply of these protons, too.

I work from a home office, and it's 100 steps (including 34 stairs, if you count down as well as up) from my desk to my refrigerator.  Apparently, walking consumes 0.045 calories per step, so my 100 steps uses up four and a half calories.  If I want to stay ahead of the game, I've got to have something in the fridge that puts fewer than four and a half calories back on, but is still big enough to feel Continue reading "Pickles"

Tumbleweed connections

I must have been 13, maybe 14. In Calcutta. I’d never lived anywhere else, something that wouldn’t change for a decade or so. I was sitting in a friend’s house, listening to a “new” album by someone whose music I’d only recently discovered. Elton John. The new album was called Tumbleweed Connection. The song I … Continue reading "Tumbleweed connections"

Media Type registration added to CBOR Web Token (CWT)

IETF logoThe CBOR Web Token (CWT) specification now registers the “application/cwt” media type, which accompanies the existing CoAP Content-Format ID registration for this media type. The description of nested CWTs, which uses this content type, was clarified. This draft also corrected some nits identified by Ludwig Seitz. The specification is available at: An HTML-formatted version is also available at:

Voyages of discovery

Of late, I’ve been spending quite some time thinking about longitudinal studies; a number of you have engaged with me with encouraging feedback after my most recent post on this, on the impact of change and the time it takes to assess that impact. There are many reasons for this, but there’s a principal one. … Continue reading "Voyages of discovery"

The Spirit Thermometer

Letters from the Land of the Protons #1

It has, as usual, been hot and cold here in Texas between the third Sunday of Advent and Epiphany. You could literally have given yourself a heatstroke while jogging at noon on December 17 and frozen your tongue to a metal pole at noon the next day, if you didn't have much sense in any kind of weather.

I have a record of the whole thing, because of the weather station I installed in my back yard (it's a long story, but the nub of my motivation is that we live in a kind of hyper-local rain shadow, so the Austin news stations' summaries of how much rain the area receives tell me nothing about whether I should turn the sprinkler system on or off). Here's the temperature graph for 15 December 2016 through 6 January 2017:

I love the weather station;
Continue reading "The Spirit Thermometer"

… and crime travel

I didn’t have a passport until I was approaching my 23rd birthday. But that didn’t stop me from travelling far and wide. Calcutta was a truly cosmopolitan city in those days; people from many cultures would pass through. While one generation of people, rooted in empire, left to find those roots, another, younger generation came … Continue reading "… and crime travel"

Time travel

On any given day I get sent maybe 20-25 messages through one communications channel or other, with links to new sites or apps. Most of them are of no value to me at all. Maybe I’m growing old. A friend sent me a link today; I can usually rely on him to send me interesting things, … Continue reading "Time travel"

Thinking lazily about notifications and alerts: Part 2

This is the second in a series on notifications and alerts, building on what I started sharing earlier today, as promised. First, a musical interlude. Someone’s knocking at the door, somebody’s ringing the bell/ Do me a favour/Open the door/And let them in. Mum, the kettle’s boiling/Daddy, what’s the time/Sis, look what you’re doing/Can’t you … Continue reading "Thinking lazily about notifications and alerts: Part 2"

Using RSA Algorithms with COSE Messages

IETF logoThe specification Using RSA Algorithms with COSE Messages defines encodings for using RSA algorithms with CBOR Object Signing and Encryption (COSE) messages. This supports use cases for the FIDO Alliance and others that need this functionality. Security Area Director Kathleen Moriarty has agreed to AD sponsorship of this specification. This specification incorporates text from draft-ietf-cose-msg-05 – the last COSE specification version before the RSA algorithms were removed. The specification is available at: An HTML-formatted version is also available at: Review feedback is welcomed!

Comfort-break songs

Those who come here regularly know that I’m stuck in a time-warp when it comes to music. Early sixties to mid seventies. 99% of the music I listen to was made then. It’s not that I dislike the music made before or after; it’s more to do with the fact that so much great music … Continue reading "Comfort-break songs"

Highs and lows

Yup, it’s another cricket statistics post. Continue at your peril. Last week England lost a Test match (the 5th Test in Chennai) by an innings, after scoring 477 in the 1st innings, that too after winning the toss and choosing to bat first. The defeat followed on the heels of a similar defeat in the previous Test … Continue reading "Highs and lows"