These RFCs are all pertain to OAuth Client Authentication using signed assertions:
* RFC 7521 - Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants * RFC 7522 - Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants * RFC 7523 - JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants I'd encourage you to think about whether using the JWT Profile, in particular, would achieve the goals you're after. Best wishes, -- Mike
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace