On Thu, Apr 1, 2010 at 12:24 PM, Eran Hammer-Lahav <[email protected]> wrote: > A generic assertion flow is too under-specified to be included.
Can you please give some more details, why is that? For any assertion flow to work the client and the authorization server must trust each other, leaving the assertion format details up to them seems reasonable to me. Marius _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
