Stephen, I'm working on updating these drafts and as I look again at the text that's in §5. Interoperability Considerations and the requirement in §3 Assertion Format and Processing Requirements to compare these values using the Simple String Comparison (absent an application profile specifying otherwise) I'm not sure what to say or where based on your suggestion below. Is there something specific you can suggest (and where to put it)?
Thanks, Brian On Thu, Oct 16, 2014 at 3:20 PM, Brian Campbell <bcampb...@pingidentity.com> wrote: > > On Thu, Oct 16, 2014 at 2:54 PM, Stephen Farrell < > stephen.farr...@cs.tcd.ie> wrote: > >> >> > Some stuff needs to be exchanged out-of-band for this to work. >> > Entity/issuer/audience identifiers are part of that. This need is >> discussed >> > in the Interoperability Considerations at >> > https://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-21#section-5 >> >> So I think it'd be good to explicitly call out that these >> mappings are basically required and that they can be fraught >> (e.g. if someone uses wildcards badly, which they do). >> > > OK, I will add something to that effect in the next revisions. > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth