Description
This question comes from experimenting with node-oidc-provider, the OIDC Provider component used in the Community Server. In its latest version, node-oidc-provider bases its support for JWT-formatted Access Tokens on OAuth Resource Indicators (see RFC 8707: by default, the OP returns opaque Access Tokens, and it may be configured to return JWT Access Tokens instead based on the Client-specified Resource Indicator. It is also possible to provide a default indicator to be used in the case when the Client does not specify any Resource Indicator.
While this is a specific use case which does not mandate a spec change, I found it an interesting consideration. The assumption in the RFC seems to be that there is an a-priori knowledge of the RS the OP is issuing tokens for, which does not apply in an ecosystem such as Solid. However, in the same way that the spec mandates that a Solid-OIDC compliant OP should emit Access Tokens with the value solid as their audience, it may include a recommendation for an IRI identifying all of Solid RS, rather than the Clients trying to guess which RS they will be interacting with, or each OP coming up with ad-hoc ways of identifying Solid-compliant RS. The RFC mandates that the Resource Indicator is an IRI, so I guess Solid-OIDC could include a MAY suggesting to use something like http://www.w3.org/ns/solid/ for a Resource Indicator if the Clients desire so, and the OP may use it to make a distinction between Solid and non-Solid RS. The Client-provided Resource Indicator does not need to be used as-is in the audience, so keeping the current solid audience is not an issue, even though it could be considered making it the same IRI.
Do you think such an addition is worth considering, or is it preferable to keep these specifications completely orthogonal and leave it up to individual OP and Clients to use Resource Indicators as they see fit ?