I meant to say that there would be two new examples in each of draft-ietf-oauth-saml2-bearer and draft-ietf-oauth-jwt-bearer. Sorry, the way I said it before was kind of misleading.
On Wed, Sep 12, 2012 at 1:58 PM, Brian Campbell <[email protected]> wrote:
> WG,
>
> Here is my long overdue proposal to address questions/comments raised
> in http://www.ietf.org/mail-archive/web/oauth/current/msg09512.html
> indicating there was some potential confusion about the orthogonality
> and separability of client assertion authentication and assertion
> grants.
>
> Each of draft-ietf-oauth-assertions, draft-ietf-oauth-saml2-bearer and
> draft-ietf-oauth-jwt-bearer have brief language in the introduction
> that says that authentication and authorization are orthogonal and
> that they can be used together or separately. I'd like to update that text
> in SAML and JWT to match the recent edit made in -05 of
> draft-ietf-oauth-assertions and add the following (with small
> variations to match context) to it in each document:
>
> "Client assertion authentication is nothing more than an alternative
> way for a client to authenticate to the token endpoint and must be
> used in conjunction with some grant type to form a complete and
> meaningful protocol request. Assertion authorization grants may be
> used with or without client authentication or identification. Whether
> or not client authentication is needed in conjunction with an
> assertion authorization grant, as well as the supported types of
> client authentication, are policy decisions at the discretion of the
> authorization server."
>
> I'd also like to include two new examples in
> draft-ietf-oauth-saml2-bearer and draft-ietf-oauth-jwt-bearer that
> show access token requests using a token/assertion as a grant type and
> as client authentication respectively.
>
> I went ahead and produced preliminary drafts of each of the documents
> with the changes mentioned herein. Text versions along with the XML
> source of those are attached. Comments, questions and corrections are
> welcome as always. But barring any objection, I'd like to proceed with
> publishing new drafts containing these changes relatively soon.
>
> Thanks,
> Brian
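The distinction drawn in the proposed text, shown as an added example that is not part of the original thread or of the drafts: a token-endpoint check that tells an assertion used as a grant from an assertion used as client authentication, and rejects client assertion authentication that arrives without any grant type. The function name, the `require_client_assertion` policy switch and the sample requests are assumptions made for illustration; the check covers request shape only and does not validate the assertion itself.

```python
from urllib.parse import parse_qs, urlencode

# Parameter values used by the JWT and SAML 2.0 bearer assertion profiles.
ASSERTION_GRANTS = {
    "urn:ietf:params:oauth:grant-type:jwt-bearer",
    "urn:ietf:params:oauth:grant-type:saml2-bearer",
}
CLIENT_ASSERTION_TYPES = {
    "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
    "urn:ietf:params:oauth:client-assertion-type:saml2-bearer",
}

def classify_token_request(body, require_client_assertion=False):
    """Report how a form-encoded token request uses assertions (hypothetical helper)."""
    parsed = parse_qs(body, strict_parsing=True)
    if any(len(values) != 1 for values in parsed.values()):
        raise ValueError("invalid_request: repeated parameter")
    p = {name: values[0] for name, values in parsed.items()}

    # Client assertion authentication alone is not a complete request:
    # some grant type must always be present.
    grant_type = p.get("grant_type")
    if grant_type is None:
        raise ValueError("invalid_request: no grant_type in request")
    as_grant = grant_type in ASSERTION_GRANTS
    if as_grant and "assertion" not in p:
        raise ValueError("invalid_request: assertion grant without assertion")

    # The two client_assertion parameters only make sense as a pair.
    as_client_auth = "client_assertion" in p or "client_assertion_type" in p
    if as_client_auth and (p.get("client_assertion_type") not in CLIENT_ASSERTION_TYPES
                           or "client_assertion" not in p):
        raise ValueError("invalid_client: malformed client assertion")

    # Whether client authentication is required is authorization server policy
    # (assumption: this sketch models only assertion-based client authentication).
    if require_client_assertion and not as_client_auth:
        raise ValueError("invalid_client: client authentication required by policy")
    return {"grant_type": grant_type, "assertion_as_grant": as_grant,
            "assertion_as_client_auth": as_client_auth}

# Constructed sample requests; the assertion value is a placeholder, not a real JWT.
JWT = "constructed.jwt.placeholder"
GRANT_ONLY = urlencode({"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
                        "assertion": JWT})
CLIENT_AUTH = urlencode({"grant_type": "authorization_code", "code": "constructed-code",
                         "client_assertion_type":
                             "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
                         "client_assertion": JWT})
AUTH_WITHOUT_GRANT = urlencode({"client_assertion_type":
                                    "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
                                "client_assertion": JWT})
```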
