A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : OAuth 2.0 Assertion Profile
Author(s) : Michael B. Jones
Folks,
As I mentioned at the last IETF (via jabber), the dynreg draft is
interested primarily in dynamic client registration (not discovery).
As such I've done some house-cleaning on the dynreg draft, removing
Section 5 that has some early discussion about discovery and using
section 7.2 (now
Thanks! This removes all my concerns about the charter.
EH
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Thomas Hardjono
Sent: Thursday, April 26, 2012 11:25 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Updated Dynamic Registration draft
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : SAML 2.0 Bearer Assertion Profiles for OAuth 2.0
Author(s) : Chuck Mortimore
Draft -11 of SAML 2.0 Bearer Assertion Profiles for OAuth 2.0 and
draft -02 of OAuth 2.0 Assertion Profile have been published. The
changes address comments raised during WGLC on the two documents that
ended earlier this week. A summary of changes is included (with links
to the comment in the mail
Draft 04 of the OAuth 2.0 JWT Bearer Token Profiles
Specification (http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer) has been
published. This version tracks changes in the OAuth 2.0 Assertion
Profile (http://tools.ietf.org/html/draft-ietf-oauth-assertions) and SAML 2.0
Bearer Assertion
Phil said...
**However** Editorially I feel strongly the comments fall outside the
intended scope and purpose for this document. This document is about threats
specifically related to the OAuth protocol. Its intent is to go beyond security
considerations to give implementers a feel
Oh, and sorry...
threats document should be addressing that overselling problem[1],
and if that means highlighting a few things that we think should be
obvious, I'm in favour of it.
...I forgot to include the footnote.
Barry
[1] Note that I'm NOT saying that the WG is overselling OAuth, but