On Thu, Apr 15, 2010 at 12:38 PM, Chuck Mortimore <cmortim...@salesforce.com> wrote: > Could you please take another glance at what I posted? There are a number > of changes to the general assertion flow that are required for it to reflect > how this will be used in a lot of scenarios.
> (A) The client sends an access token request to the authorization server > and includes a self-issued assertion. Why self issued? > The value of the assertion parameter MUST be a valid SAML <Response> message Why saml Response instead of saml Assertion? Scope would be useful in this profile. Adding form-encoded content-type header to the examples would be useful. Cheers, Brian _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
