The assertion flow included in the specification doesn't offer enough to provide interop. Previous discussions ruled out the idea of offering a single SAML 2.0 based flow.
Proposal: Leave the flow as a generic assertion flow, using SAML 2.0 as an example, and defining the syntax/values of the format parameter. As long as the format parameter is well-defined, the rest can be left for assertion-language-specific specs and implementations. Needed: Language defining the format parameter in a way which ensures interop across clients using the same format value (i.e. Registry, URI-based, etc). EHL _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
