Revert OAuth 2.0 Protected Resource Metadata parts of changes
As Atul pointed out this isn't actually an RFC yet...

#227 (review)
jogu committed Jan 29, 2025
1 parent a2beb6e commit b53eb39
Showing 1 changed file with 10 additions and 3 deletions.
13 changes: 10 additions & 3 deletions openid-caep-interoperability-profile-1_0.md
@@ -87,6 +87,13 @@ normative:
- ins: D. Fett
- ins: D. Tonge
- ins: J. Heenan
OPRM:
target: https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-03.html
title: OAuth 2.0 Protected Resource Metadata
author:
-ins: M.B. Jones
-ins: P. Hunt
-ins: A. Parecki


--- abstract
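Review bot: the three new author entries (`-ins: M.B. Jones`, `-ins: P. Hunt`, `-ins: A. Parecki`) are missing the space after the hyphen that the existing entries above them use (`- ins: D. Fett`, `- ins: D. Tonge`). Without that space YAML does not read these lines as list items containing an `ins` key; it reads `-ins` as a plain mapping key, so the `author:` field of the OPRM reference would not be a list of authors. Suggest `- ins: M.B. Jones` and so on, matching the surrounding entries. Separately, since the `target` pins a specific Internet-Draft revision (`draft-ietf-oauth-resource-metadata-03`), it is worth adding a date or a "Work in Progress" marker to the reference as the commit message itself notes this is not yet an RFC, so readers know the cited text may change.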
@@ -218,9 +225,9 @@ All events MUST be signed using the `RS256` algorithm using a minimum of 2048-bi
### OAuth Scopes
Depending on the features supported by the OAuth service and the SSF APIs, the client SHALL discover the OAuth scopes as follows:

1. If the Resource Server, hosting SSF configuration APIs, supports OAuth Protected Resource Metadata {{RFC8414}} then the client MUST obtain the required scopes by using it.
1. If the Resource Server, hosting SSF configuration APIs, supports OAuth Protected Resource Metadata {{OPRM}} then the client MUST obtain the required scopes by using it.

2. If the Resource Server does not support {{RFC8414}}, then the following scopes MUST be supported -
2. If the Resource Server does not support {{OPRM}}, then the following scopes MUST be supported -
- An OAuth {{RFC6749}} authorization server that is used to issue tokens to SSF Receivers, MUST reserve the scopes for the SSF endpoints with the prefix of `ssf`
- All the SSF stream configuration management API operations MUST accept `ssf.manage` scope
- All the SSF stream configuration Read API operations MUST accept `ssf.read` scope
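Review bot: item 1 now makes scope discovery via `{{OPRM}}` a client MUST whenever the Resource Server supports it, and item 2 applies only when the Resource Server "does not support {{OPRM}}"; neither item says what the client does when the Resource Server publishes Protected Resource Metadata that does not list the scopes the client needs. Suggest stating that the `ssf.manage` / `ssf.read` scopes of item 2 also apply in that case, so there is no gap between the two branches. Replacing `{{RFC8414}}` with `{{OPRM}}` in both items is the right fix here, since RFC 8414 describes authorization server metadata rather than protected resource metadata, and the sentence names the latter.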
@@ -233,7 +240,7 @@ Depending on the features supported by the OAuth service and the SSF APIs, the c
* MUST verify the validity, integrity, expiration and revocation status of access tokens
* MUST verify that the authorization represented by the access token is sufficient for the requested resource access.
* If the access token is not sufficient for the requested action, the Resource server MUST return errors as per section 3.1 of [RFC6750]{{RFC6750}}
* MAY publish the {{RFC8414}} to describe the metadata needed to interact with the protected resource.
* MAY publish the {{OPRM}} to describe the metadata needed to interact with the protected resource.

## Security Event Token

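Review bot: "MAY publish the {{OPRM}} to describe the metadata" reads as publishing the specification rather than the metadata it defines; suggest "MAY publish OAuth 2.0 Protected Resource Metadata {{OPRM}} to describe the metadata needed to interact with the protected resource." As a style point visible in the unchanged context two lines above, `[RFC6750]{{RFC6750}}` mixes two citation forms where the rest of the list uses only `{{...}}`; worth normalising in the same pass.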

0 comments on commit b53eb39