Do we need to clarify that the 4.3.1 "repeats a parameter" description for the "invalid_request" error code does not preclude parameters from repeating? I'm not sure.
EHL

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Brian Campbell
> Sent: Monday, August 09, 2010 12:34 PM
> To: oauth
> Subject: [OAUTH-WG] more than one assertion?
>
> The question of allowing for multiple assertions in the SAML profile came up
> recently. See http://www.ietf.org/mail-archive/web/oauth/current/msg04068.html
> and several subsequent messages in the thread.
>
> I pushed back on the idea at first due to added complexity. There are a
> number of things that need to be addressed that aren't present in
> the single assertion case. One of the stickier ones, to me, was how
> to encode the assertions into the request. A SAML <Response> element
> is a nice container for multiple assertions but using it in this context
> seemed awkward at best. A new schema could be defined or a special delimiter
> character could be used but that seems excessive and kludgy respectively.
>
> What about pushing it up into the HTTP layer and allowing for multiple
> occurrences of the assertion=XXX parameter in the POST body? I don't see
> anything in core OAuth that would necessarily preclude doing this.
> It seems cleaner and more lightweight than some of the other options.
> And perhaps it could be a more general (not just SAML) method of sending
> multiple assertions in a single assertion grant type request?
>
> It'd look something like this:
>
> POST /token.oauth2 HTTP/1.1
> Host: authz.example.net
> Content-Type: application/x-www-form-urlencoded
>
> grant_type=assertion&assertion_type=http%3A%2F%2Foauth.net%2Fassertion_type%2Fsaml%2F2.0%2Fbearer&assertion=[...1st assertion...]&assertion=[...2nd assertion...]&assertion=[...3rd assertion...]
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
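
Added example, not part of the original messages or of any OAuth draft: a sketch of how a token endpoint could parse the form body so that repeated assertion parameters are collected in wire order while any other repeated parameter is rejected as invalid_request. The names parse_token_request, InvalidRequest, REPEATABLE and SAMPLE_BODY, and the assertion values A1..A3, are assumptions made for illustration.

```python
from urllib.parse import parse_qsl

# Assumption for this sketch: only "assertion" may repeat, as proposed in the thread.
REPEATABLE = frozenset({"assertion"})

# Constructed sample body; A1..A3 stand in for encoded assertions.
SAMPLE_BODY = (
    "grant_type=assertion"
    "&assertion_type=http%3A%2F%2Foauth.net%2Fassertion_type%2Fsaml%2F2.0%2Fbearer"
    "&assertion=A1&assertion=A2&assertion=A3"
)


class InvalidRequest(Exception):
    """Maps to the OAuth "invalid_request" error code."""


def parse_token_request(body, repeatable=REPEATABLE):
    """Parse an application/x-www-form-urlencoded token request body.

    Returns (single, multi): single-valued parameters as a dict, and
    repeatable parameters as lists that preserve the order on the wire.
    Pass repeatable=frozenset() to reject every repeated parameter.
    """
    try:
        pairs = parse_qsl(body, keep_blank_values=True, strict_parsing=True)
    except ValueError as exc:
        raise InvalidRequest("malformed form body") from exc

    single, multi = {}, {}
    for name, value in pairs:
        if name in repeatable:
            multi.setdefault(name, []).append(value)
        elif name in single:
            # Never silently pick the first or last value: components that
            # disagree on which copy wins are a classic source of bypasses.
            raise InvalidRequest("parameter repeated: " + name)
        else:
            single[name] = value
    return single, multi


if __name__ == "__main__":
    print(parse_token_request(SAMPLE_BODY))
```

Keeping the repeatable set explicit means the exception to the "repeats a parameter" rule is visible in one place and every other parameter stays single-valued.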
