I updated the OAuth JWT Bearer Token Profile<http://self-issued.info/docs/draft-jones-oauth-jwt-bearer.html> spec to track the changes made in the OAuth SAML Bearer Token Profile<http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer> spec. draft-jones-oauth-jwt-bearer-01<http://self-issued.info/docs/draft-jones-oauth-jwt-bearer-01.html> * Merged in changes from draft-ietf-oauth-saml2-bearer-09. In particular, this draft now uses draft-ietf-oauth-assertions, rather than being standalone. It also now defines how to use JWT bearer tokens both for Authorization Grants and for Client Authentication. Meanwhile, Chuck Mortimore updated the OAuth Assertion Profile<http://tools.ietf.org/html/draft-ietf-oauth-assertions-01> spec to incorporate working group feedback. In particular, the client_id parameter is now optional, as in some cases it may be carried in the assertion, rather than as a parameter.
The specs are available in the standard places. The HTML versions can be found at these locations: * http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-01 * http://tools.ietf.org/html/draft-ietf-oauth-assertions-01 * http://self-issued.info/docs/draft-jones-oauth-jwt-bearer-01.html Feedback welcome! -- Mike
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
